DougsB4U

Hey Gringo, Completed the HiJackThis step. The virus scan revealed the following: C:\Users\Doug\Downloads\cbsidlm-cbsi5_3_0_93-Virtual_DJ_Studio-SEO-10168580.exe a variant of Win32/CNETInstaller.A application C:\Users\Doug\Downloads\cbsidlm-tr1_7-Karall-75681543.exe Win32/DownloadAdmin.D application C:\Users\Doug\Downloads\cbsidlm-tr1_7-PCDJ_Karaoki-75072918.exe Win32/DownloadAdmin.D application C:\Users\Doug\Downloads\DriverSweeper_3.2.0.exe Win32/OpenCandy application C:\Users\Doug\Downloads\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe Win32/PrcView application C:\Windows.old\Documents and Settings\Doug\Downloads\cbsidlm-cbsi5_3_0_93-Virtual_DJ_Studio-SEO-10168580.exe a variant of Win32/CNETInstaller.A application C:\Windows.old\Documents and Settings\Doug\Downloads\cbsidlm-tr1_7-Karall-75681543.exe Win32/DownloadAdmin.D application C:\Windows.old\Documents and Settings\Doug\Downloads\cbsidlm-tr1_7-PCDJ_Karaoki-75072918.exe Win32/DownloadAdmin.D application C:\Windows.old\Documents and Settings\Doug\Downloads\DriverSweeper_3.2.0.exe Win32/OpenCandy application C:\Windows.old\Documents and Settings\Doug\Downloads\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application C:\Windows.old\Documents and Settings\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe Win32/PrcView application D:\062303buhe\Documents and Settings\All Users\Start Menu\Programs\Disabled Startup Items\PowerReg SchedulerV2.exe Win32/PowerReg application D:\073108bu\download2\SetupPestPatrolHome.exe probably unknown NewHeur_PE virus D:\download\software\UBCD4WinV350.exe Win32/PrcView application D:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView application D:\UBCD4Win3\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView application G:\073108bu\download\download2\SetupPestPatrolHome.exe probably unknown NewHeur_PE virus G:\Program Files\PestPatrol\PestPatrol.exe.0 probably unknown NewHeur_PE virus G:\Program Files\PestPatrol\PestPatrol.exe probably unknown NewHeur_PE virus G:\Program Files\PestPatrol\BACKUP\PestPatrol.exe probably unknown NewHeur_PE virus G:\download\SetupPestPatrolHome.exe probably unknown NewHeur_PE virus

Hey Gringo, Did what you instructed. All seems to be running well. Here are the logs: MBAM Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.04.07.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Doug :: OFFICE [administrator] Protection: Disabled 4/8/2013 8:06:36 PM mbam-log-2013-04-08 (20-06-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 269374 Time elapsed: 4 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) HiJackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:31:24 PM, on 4/8/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16470) Boot mode: Normal Running processes: C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\n52te\razerhid.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe C:\Program Files (x86)\ASUS\AASP\1.00.81\aaCenter.exe C:\Program files\360Amigo\360Amigo.exe C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Doug\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [Jomantha] "C:\Program Files (x86)\n52te\razerhid.exe" O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [360Amigo] "C:\Program files\360Amigo\360Amigo.exe" -autorun O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - Startup: Dropbox.lnk = C:\Users\Doug\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe O4 - Global Startup: Content Manager Assistant for PlayStation®.lnk = C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: MasterCook: Select Image - C:\Users\Doug\AppData\LocalLow\MasterCook Web Import\MCIEContext.hta O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\Windows\SysWOW64\shdocvw.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} (RSClientPrint 2008 Class) - https://backoffice.liveviridian.com/Associate/Reserved.ReportViewerWebControl.axd?ReportSession=etu4rfagnkcx0zmlktszw255&ControlID=8455571ca11f4dffbb4847d0da48a968&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - http://www.nero.com/doc/NeroVersionCheckerControl.cab O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://blacklabimaging.lifepics.com/net/Uploader/LPUploader57.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe O23 - Service: Paragon APM service (apmwinsrv) - Unknown owner - C:\Program Files (x86)\Paragon Software\HFS+ for Windows 8.0\apmwinsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: WebEx Remote Access Agent (atnthost) - Cisco WebEx LLC - C:\ProgramData\WebEx\WebEx\319\atnthost.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe O23 - Service: Creative ALchemy AL1 Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe (file missing) O23 - Service: Creative HOAL Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Seagate Drive Settings Service (FreeAgentGoFlex Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\516\g2aservice.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) I did not use HiJackThis to remove anything, as I did not see you instruct me to do so. Let me know if I need to do that.

Hey Gringo, All seems to be going well. Things are now operational. Here is the output from running the script via combofix: ComboFix 13-04-06.02 - Doug 04/07/2013 21:57:15.3.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5506 [GMT -4:00] Running from: c:\users\Doug\Desktop\ComboFix.exe Command switches used :: c:\users\Doug\Desktop\CFScript.txt AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-03-08 to 2013-04-08 ))))))))))))))))))))))))))))))) . . 2013-04-08 02:16 . 2013-04-08 02:16 -------- d-----w- c:\users\Jack\AppData\Local\temp 2013-04-08 02:16 . 2013-04-08 02:16 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-04-08 02:16 . 2013-04-08 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-08 00:48 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91755BB0-B33B-47C4-B117-FABB495B5DBC}\mpengine.dll 2013-04-07 21:42 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-04 12:23 . 2013-04-04 12:23 -------- d-----w- c:\users\Doug\AppData\Local\Diagnostics 2013-03-29 22:33 . 2013-03-31 00:40 -------- d-----w- c:\users\Doug\AppData\Roaming\REAPER 2013-03-29 22:32 . 2013-03-29 22:32 -------- d-----w- c:\program files\REAPER (x64) 2013-03-26 12:25 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-22 13:13 . 2013-03-22 13:13 742400 ----a-w- c:\windows\SysWow64\rzdevicedll.dll 2013-03-21 02:31 . 2013-03-13 23:02 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-03-21 02:31 . 2013-03-13 23:02 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{655FEFDA-1D52-4DC3-BE9E-CF56E98F2FD5}\gapaengine.dll 2013-03-20 15:26 . 2013-03-20 15:26 -------- d-----w- c:\program files\Apowersoft 2013-03-20 08:45 . 2013-03-20 08:45 56832 ----a-w- c:\windows\SysWow64\rzdevinfo.dll 2013-03-20 08:45 . 2013-03-20 08:45 148480 ----a-w- c:\windows\SysWow64\rztouchdll.dll 2013-03-20 08:45 . 2013-03-20 08:45 245248 ----a-w- c:\windows\SysWow64\rzaudiodll.dll 2013-03-19 02:45 . 2013-03-19 02:45 -------- d-----w- c:\programdata\ATI 2013-03-19 02:45 . 2013-03-19 02:45 -------- d-----w- c:\program files (x86)\AMD AVT 2013-03-19 02:45 . 2013-03-19 02:45 -------- d-----w- c:\program files (x86)\AMD APP 2013-03-16 22:53 . 2013-03-17 01:47 -------- d-----w- c:\users\Doug\AppData\Roaming\SumatraPDF 2013-03-16 22:52 . 2013-03-16 22:52 -------- d-----w- c:\program files (x86)\SumatraPDF 2013-03-14 21:19 . 2013-03-14 21:19 78432 ----a-w- c:\windows\system32\atimpc64.dll 2013-03-14 21:19 . 2013-03-14 21:19 78432 ----a-w- c:\windows\system32\amdpcom64.dll 2013-03-14 21:19 . 2013-03-14 21:19 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll 2013-03-14 21:19 . 2013-03-14 21:19 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2013-03-14 21:19 . 2013-03-14 21:19 113464 ----a-w- c:\windows\system32\atiu9p64.dll 2013-03-14 21:19 . 2013-03-14 21:19 5034792 ----a-w- c:\windows\system32\atiumd6a.dll 2013-03-14 21:19 . 2013-03-14 21:19 6980480 ----a-w- c:\windows\system32\atiumd64.dll 2013-03-14 21:17 . 2013-03-14 21:17 11613184 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2013-03-14 21:06 . 2013-03-14 21:06 222720 ----a-w- c:\windows\system32\clinfo.exe 2013-03-14 21:05 . 2013-03-14 21:05 76288 ----a-w- c:\windows\system32\OpenVideo64.dll 2013-03-14 21:05 . 2013-03-14 21:05 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2013-03-14 21:05 . 2013-03-14 21:05 64000 ----a-w- c:\windows\system32\OVDecode64.dll 2013-03-14 21:05 . 2013-03-14 21:05 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2013-03-14 21:05 . 2013-03-14 21:05 29149696 ----a-w- c:\windows\system32\amdocl64.dll 2013-03-14 21:03 . 2013-03-14 21:03 23810048 ----a-w- c:\windows\SysWow64\amdocl.dll 2013-03-14 21:01 . 2013-03-14 21:01 54784 ----a-w- c:\windows\system32\OpenCL.dll 2013-03-14 21:01 . 2013-03-14 21:01 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-03-14 20:55 . 2013-03-14 20:55 5067264 ----a-w- c:\windows\system32\amdsc64.dll 2013-03-14 20:55 . 2013-03-14 20:55 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll 2013-03-14 20:47 . 2013-03-14 20:47 24090112 ----a-w- c:\windows\system32\atio6axx.dll 2013-03-14 20:47 . 2013-03-14 20:47 77312 ----a-w- c:\windows\system32\coinst_12.10.17.dll 2013-03-14 20:44 . 2013-03-14 20:44 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2013-03-14 20:42 . 2013-03-14 20:42 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2013-03-14 20:42 . 2013-03-14 20:42 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2013-03-14 20:42 . 2013-03-14 20:42 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2013-03-14 20:42 . 2013-03-14 20:42 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2013-03-14 20:41 . 2013-03-14 20:41 16082944 ----a-w- c:\windows\system32\aticaldd64.dll 2013-03-14 20:37 . 2013-03-14 20:37 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll 2013-03-14 20:31 . 2013-03-14 20:31 19864064 ----a-w- c:\windows\SysWow64\atioglxx.dll 2013-03-14 20:21 . 2013-03-14 20:21 442368 ----a-w- c:\windows\system32\atidemgy.dll 2013-03-14 20:21 . 2013-03-14 20:21 561152 ----a-w- c:\windows\system32\atieclxx.exe 2013-03-14 20:20 . 2013-03-14 20:20 240640 ----a-w- c:\windows\system32\atiesrxx.exe 2013-03-14 20:19 . 2013-03-14 20:19 120320 ----a-w- c:\windows\system32\atitmm64.dll 2013-03-14 20:19 . 2013-03-14 20:19 25600 ----a-w- c:\windows\system32\atimuixx.dll 2013-03-14 20:19 . 2013-03-14 20:19 59392 ----a-w- c:\windows\system32\atiedu64.dll 2013-03-14 20:18 . 2013-03-14 20:18 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 630272 ----a-w- c:\windows\system32\atiadlxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 425984 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2013-03-14 19:56 . 2013-03-14 19:56 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 44032 ----a-w- c:\windows\system32\atig6txx.dll 2013-03-14 19:56 . 2013-03-14 19:56 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll 2013-03-14 19:55 . 2013-03-14 19:55 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2013-03-14 19:51 . 2013-03-14 19:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2013-03-14 02:40 . 2013-03-14 02:40 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 01:37 . 2013-03-13 01:37 -------- d-----w- c:\windows\ERUNT 2013-03-13 01:37 . 2013-03-13 01:37 -------- d-----w- C:\JRT 2013-03-12 17:09 . 2013-03-12 17:09 -------- d-----w- c:\program files (x86)\ERUNT 2013-03-12 16:07 . 2013-03-12 16:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-03-12 16:07 . 2013-03-12 16:08 -------- d-----w- c:\program files\Microsoft Security Client . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-04 11:28 . 2013-02-01 01:57 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2013-04-02 10:34 . 2009-10-02 21:49 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-19 01:54 . 2010-07-16 16:17 226832 ----a-w- c:\windows\SysWow64\ataskernel.exe 2013-03-14 21:19 . 2011-09-08 16:52 139696 ----a-w- c:\windows\system32\atiuxp64.dll 2013-03-14 21:19 . 2012-07-28 01:13 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2013-03-14 21:19 . 2012-07-28 01:13 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2013-03-14 21:19 . 2011-09-08 17:32 1150120 ----a-w- c:\windows\system32\aticfx64.dll 2013-03-14 21:19 . 2012-07-28 02:15 968864 ----a-w- c:\windows\SysWow64\aticfx32.dll 2013-03-14 21:19 . 2011-09-08 17:16 8271088 ----a-w- c:\windows\system32\atidxx64.dll 2013-03-14 21:19 . 2012-07-28 02:07 7232824 ----a-w- c:\windows\SysWow64\atidxx32.dll 2013-03-14 21:19 . 2012-07-28 01:32 4474984 ----a-w- c:\windows\SysWow64\atiumdva.dll 2013-03-14 21:19 . 2012-07-28 04:09 5940656 ----a-w- c:\windows\SysWow64\atiumdag.dll 2013-03-14 02:40 . 2011-07-15 12:54 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 01:24 . 2011-01-01 17:56 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-04 06:48 . 2013-03-04 06:48 22016 ----a-w- c:\windows\system32\drivers\rzendpt.sys 2013-03-04 06:48 . 2013-03-04 06:48 117248 ----a-w- c:\windows\system32\drivers\rzudd.sys 2013-02-22 09:13 . 2013-02-22 09:13 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll 2013-02-22 09:13 . 2013-02-22 09:13 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-02-12 05:45 . 2013-03-13 01:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 01:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 01:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 01:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 01:05 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 01:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-08 02:44 . 2012-03-22 11:52 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll 2013-02-08 02:44 . 2012-03-22 11:52 261880 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll 2013-02-08 02:44 . 2012-03-22 11:52 429816 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll 2013-02-08 02:44 . 2012-03-22 11:52 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll 2013-02-08 02:44 . 2012-03-22 11:52 584952 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll 2013-02-08 02:44 . 2012-03-22 11:52 372984 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll 2013-02-08 00:28 . 2013-03-01 10:14 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA3B4D44-1E86-4BE5-B85D-D7409C76372B}\mpengine.dll 2013-01-20 19:59 . 2013-01-20 19:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 19:59 . 2013-01-20 19:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-15 10:11 . 2013-01-15 10:11 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2013-01-15 10:11 . 2013-01-15 10:11 110080 ----a-w- c:\windows\system32\DelayAPO.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-04-04 11:29 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-04-04 11:29 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-04-04 11:29 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328] "360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2011-11-30 5328672] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-09-13 3341464] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "Jomantha"="c:\program files (x86)\n52te\razerhid.exe" [2007-12-12 163840] "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2011-08-24 284024] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-03-20 607592] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-14 642656] . c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Doug\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736] Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-11-13 3359712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" . R2 atnthost;WebEx Remote Access Agent;c:\programdata\WebEx\WebEx\319\atnthost.exe [2013-03-19 21520] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [x] R3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys [2011-09-22 59224] R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys [2012-04-04 201008] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-28 1255736] R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376] R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R4 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys [2012-04-04 51504] S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys [2012-04-04 61232] S0 mounthlp;Mounter helper driver for HFS+ volumes;c:\windows\system32\DRIVERS\mounthlp.sys [2012-04-04 46384] S1 AmgHips;AmgHips;c:\windows\System32\Drivers\AmgHips.sys [2011-11-30 31008] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 23464] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-14 240640] S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880] S2 apmwinsrv;Paragon APM service;c:\program files (x86)\Paragon Software\HFS+ for Windows 8.0\apmwinsrv.exe [2012-04-04 67376] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912] S2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-02-10 91432] S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys [2012-04-04 16176] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15 1871032] S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-01-15 96768] S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208] S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704] S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2013-03-04 22016] S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2013-03-04 117248] S3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [2010-06-17 172040] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . --- Other Services/Drivers In Memory --- . *Deregistered* - KL1 *Deregistered* - Vsdatant . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 02:40] . 2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 00:24] . 2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 00:24] . 2013-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3185252367-1272832353-3625531396-1000Core.job - c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-03 16:00] . 2013-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3185252367-1272832353-3625531396-1000UA.job - c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-03 16:00] . 2013-04-07 c:\windows\Tasks\SDMsgUpdate (TE).job - c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-05-09 17:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-04-04 11:29 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-04-04 11:29 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-04-04 11:29 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272] "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888 IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: MasterCook: Select Image - c:\users\Doug\AppData\LocalLow\MasterCook Web Import\MCIEContext.hta IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://backoffice.liveviridian.com/Associate/Reserved.ReportViewerWebControl.axd?ReportSession=etu4rfagnkcx0zmlktszw255&ControlID=8455571ca11f4dffbb4847d0da48a968&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z178&ocid=zdhp&install_date=20111229 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3185252367-1272832353-3625531396-1000\Software\SecuROM\License information*] "datasecu"=hex:46,63,3b,45,73,19,11,40,8d,ee,e9,7e,00,34,d8,d2,d0,29,ec,b3,0b, 78,e2,e3,2b,a3,ad,de,60,66,d7,19,4e,94,b8,65,6e,d4,ae,d9,2c,a8,54,ee,43,25,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-07 22:35:17 ComboFix-quarantined-files.txt 2013-04-08 02:35 ComboFix2.txt 2013-04-07 21:37 . Pre-Run: 42,282,856,448 bytes free Post-Run: 42,205,618,176 bytes free . - - End Of File - - 1C18FE3DCA10F82CDB4185525B711C92

Hey Gringo, OK, ran combofix. Computer is back on line now and seems to be operating normally. Here are the logs: ComboFix 13-04-06.02 - Doug 04/07/2013 17:03:37.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5622 [GMT -4:00] Running from: c:\users\Doug\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Doug\AppData\Local\Microsoft\bass.dll c:\users\Doug\AppData\Local\Microsoft\bass_fx.dll c:\users\Doug\AppData\Local\Microsoft\bass_vst.dll c:\users\Doug\AppData\Local\Microsoft\basscd.dll c:\users\Doug\AppData\Local\Microsoft\bassenc.dll c:\users\Doug\AppData\Local\Microsoft\bassflac.dll c:\users\Doug\AppData\Local\Microsoft\bassmidi.dll c:\users\Doug\AppData\Local\Microsoft\bassmix.dll c:\users\Doug\AppData\Local\Microsoft\basswma.dll c:\users\Doug\AppData\Local\Microsoft\engine_vx.dll . . ((((((((((((((((((((((((( Files Created from 2013-03-07 to 2013-04-07 ))))))))))))))))))))))))))))))) . . 2013-04-07 21:21 . 2013-04-07 21:21 -------- d-----w- c:\users\Jack\AppData\Local\temp 2013-04-07 21:21 . 2013-04-07 21:21 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-04-07 21:21 . 2013-04-07 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-07 12:30 . 2013-04-07 17:59 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8FE6F95-4A91-4AEF-84F9-E12E432182D9}\offreg.dll 2013-04-07 05:55 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8FE6F95-4A91-4AEF-84F9-E12E432182D9}\mpengine.dll 2013-04-07 01:27 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-04 12:23 . 2013-04-04 12:23 -------- d-----w- c:\users\Doug\AppData\Local\Diagnostics 2013-03-29 22:33 . 2013-03-31 00:40 -------- d-----w- c:\users\Doug\AppData\Roaming\REAPER 2013-03-29 22:32 . 2013-03-29 22:32 -------- d-----w- c:\program files\REAPER (x64) 2013-03-27 04:20 . 2013-02-22 13:59 116800 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 2013-03-26 12:25 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-22 13:13 . 2013-03-22 13:13 742400 ----a-w- c:\windows\SysWow64\rzdevicedll.dll 2013-03-21 02:31 . 2013-03-13 23:02 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-03-21 02:31 . 2013-03-13 23:02 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{655FEFDA-1D52-4DC3-BE9E-CF56E98F2FD5}\gapaengine.dll 2013-03-20 15:26 . 2013-03-20 15:26 -------- d-----w- c:\program files\Apowersoft 2013-03-20 08:45 . 2013-03-20 08:45 56832 ----a-w- c:\windows\SysWow64\rzdevinfo.dll 2013-03-20 08:45 . 2013-03-20 08:45 148480 ----a-w- c:\windows\SysWow64\rztouchdll.dll 2013-03-20 08:45 . 2013-03-20 08:45 245248 ----a-w- c:\windows\SysWow64\rzaudiodll.dll 2013-03-19 02:45 . 2013-03-19 02:45 -------- d-----w- c:\programdata\ATI 2013-03-19 02:45 . 2013-03-19 02:45 -------- d-----w- c:\program files (x86)\AMD AVT 2013-03-19 02:45 . 2013-03-19 02:45 -------- d-----w- c:\program files (x86)\AMD APP 2013-03-16 22:53 . 2013-03-17 01:47 -------- d-----w- c:\users\Doug\AppData\Roaming\SumatraPDF 2013-03-16 22:52 . 2013-03-16 22:52 -------- d-----w- c:\program files (x86)\SumatraPDF 2013-03-14 21:19 . 2013-03-14 21:19 78432 ----a-w- c:\windows\system32\atimpc64.dll 2013-03-14 21:19 . 2013-03-14 21:19 78432 ----a-w- c:\windows\system32\amdpcom64.dll 2013-03-14 21:19 . 2013-03-14 21:19 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll 2013-03-14 21:19 . 2013-03-14 21:19 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2013-03-14 21:19 . 2013-03-14 21:19 113464 ----a-w- c:\windows\system32\atiu9p64.dll 2013-03-14 21:19 . 2013-03-14 21:19 5034792 ----a-w- c:\windows\system32\atiumd6a.dll 2013-03-14 21:19 . 2013-03-14 21:19 6980480 ----a-w- c:\windows\system32\atiumd64.dll 2013-03-14 21:17 . 2013-03-14 21:17 11613184 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2013-03-14 21:06 . 2013-03-14 21:06 222720 ----a-w- c:\windows\system32\clinfo.exe 2013-03-14 21:05 . 2013-03-14 21:05 76288 ----a-w- c:\windows\system32\OpenVideo64.dll 2013-03-14 21:05 . 2013-03-14 21:05 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2013-03-14 21:05 . 2013-03-14 21:05 64000 ----a-w- c:\windows\system32\OVDecode64.dll 2013-03-14 21:05 . 2013-03-14 21:05 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2013-03-14 21:05 . 2013-03-14 21:05 29149696 ----a-w- c:\windows\system32\amdocl64.dll 2013-03-14 21:03 . 2013-03-14 21:03 23810048 ----a-w- c:\windows\SysWow64\amdocl.dll 2013-03-14 21:01 . 2013-03-14 21:01 54784 ----a-w- c:\windows\system32\OpenCL.dll 2013-03-14 21:01 . 2013-03-14 21:01 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-03-14 20:55 . 2013-03-14 20:55 5067264 ----a-w- c:\windows\system32\amdsc64.dll 2013-03-14 20:55 . 2013-03-14 20:55 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll 2013-03-14 20:47 . 2013-03-14 20:47 24090112 ----a-w- c:\windows\system32\atio6axx.dll 2013-03-14 20:47 . 2013-03-14 20:47 77312 ----a-w- c:\windows\system32\coinst_12.10.17.dll 2013-03-14 20:44 . 2013-03-14 20:44 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2013-03-14 20:42 . 2013-03-14 20:42 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2013-03-14 20:42 . 2013-03-14 20:42 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2013-03-14 20:42 . 2013-03-14 20:42 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2013-03-14 20:42 . 2013-03-14 20:42 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2013-03-14 20:41 . 2013-03-14 20:41 16082944 ----a-w- c:\windows\system32\aticaldd64.dll 2013-03-14 20:37 . 2013-03-14 20:37 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll 2013-03-14 20:31 . 2013-03-14 20:31 19864064 ----a-w- c:\windows\SysWow64\atioglxx.dll 2013-03-14 20:21 . 2013-03-14 20:21 442368 ----a-w- c:\windows\system32\atidemgy.dll 2013-03-14 20:21 . 2013-03-14 20:21 561152 ----a-w- c:\windows\system32\atieclxx.exe 2013-03-14 20:20 . 2013-03-14 20:20 240640 ----a-w- c:\windows\system32\atiesrxx.exe 2013-03-14 20:19 . 2013-03-14 20:19 120320 ----a-w- c:\windows\system32\atitmm64.dll 2013-03-14 20:19 . 2013-03-14 20:19 25600 ----a-w- c:\windows\system32\atimuixx.dll 2013-03-14 20:19 . 2013-03-14 20:19 59392 ----a-w- c:\windows\system32\atiedu64.dll 2013-03-14 20:18 . 2013-03-14 20:18 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 630272 ----a-w- c:\windows\system32\atiadlxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 425984 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2013-03-14 19:56 . 2013-03-14 19:56 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2013-03-14 19:56 . 2013-03-14 19:56 44032 ----a-w- c:\windows\system32\atig6txx.dll 2013-03-14 19:56 . 2013-03-14 19:56 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll 2013-03-14 19:55 . 2013-03-14 19:55 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2013-03-14 19:51 . 2013-03-14 19:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2013-03-14 02:40 . 2013-03-14 02:40 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 01:37 . 2013-03-13 01:37 -------- d-----w- c:\windows\ERUNT 2013-03-13 01:37 . 2013-03-13 01:37 -------- d-----w- C:\JRT 2013-03-12 17:09 . 2013-03-12 17:09 -------- d-----w- c:\program files (x86)\ERUNT 2013-03-12 16:07 . 2013-03-12 16:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-03-12 16:07 . 2013-03-12 16:08 -------- d-----w- c:\program files\Microsoft Security Client . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-04 11:28 . 2013-02-01 01:57 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2013-04-02 10:34 . 2009-10-02 21:49 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-19 01:54 . 2010-07-16 16:17 226832 ----a-w- c:\windows\SysWow64\ataskernel.exe 2013-03-14 21:19 . 2011-09-08 16:52 139696 ----a-w- c:\windows\system32\atiuxp64.dll 2013-03-14 21:19 . 2012-07-28 01:13 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2013-03-14 21:19 . 2012-07-28 01:13 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2013-03-14 21:19 . 2011-09-08 17:32 1150120 ----a-w- c:\windows\system32\aticfx64.dll 2013-03-14 21:19 . 2012-07-28 02:15 968864 ----a-w- c:\windows\SysWow64\aticfx32.dll 2013-03-14 21:19 . 2011-09-08 17:16 8271088 ----a-w- c:\windows\system32\atidxx64.dll 2013-03-14 21:19 . 2012-07-28 02:07 7232824 ----a-w- c:\windows\SysWow64\atidxx32.dll 2013-03-14 21:19 . 2012-07-28 01:32 4474984 ----a-w- c:\windows\SysWow64\atiumdva.dll 2013-03-14 21:19 . 2012-07-28 04:09 5940656 ----a-w- c:\windows\SysWow64\atiumdag.dll 2013-03-14 02:40 . 2011-07-15 12:54 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 01:24 . 2011-01-01 17:56 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-04 06:48 . 2013-03-04 06:48 22016 ----a-w- c:\windows\system32\drivers\rzendpt.sys 2013-03-04 06:48 . 2013-03-04 06:48 117248 ----a-w- c:\windows\system32\drivers\rzudd.sys 2013-02-22 13:59 . 2013-02-22 13:59 829264 ----a-w- c:\windows\system32\msvcr100.dll 2013-02-22 13:59 . 2013-02-22 13:59 608080 ----a-w- c:\windows\system32\msvcp100.dll 2013-02-22 09:13 . 2013-02-22 09:13 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll 2013-02-22 09:13 . 2013-02-22 09:13 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-02-12 05:45 . 2013-03-13 01:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 01:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 01:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 01:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 01:05 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 01:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-08 02:44 . 2012-03-22 11:52 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll 2013-02-08 02:44 . 2012-03-22 11:52 261880 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll 2013-02-08 02:44 . 2012-03-22 11:52 429816 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll 2013-02-08 02:44 . 2012-03-22 11:52 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll 2013-02-08 02:44 . 2012-03-22 11:52 584952 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll 2013-02-08 02:44 . 2012-03-22 11:52 372984 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll 2013-02-08 00:28 . 2013-03-01 10:14 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA3B4D44-1E86-4BE5-B85D-D7409C76372B}\mpengine.dll 2013-01-20 19:59 . 2013-01-20 19:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 19:59 . 2013-01-20 19:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-15 10:11 . 2013-01-15 10:11 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2013-01-15 10:11 . 2013-01-15 10:11 110080 ----a-w- c:\windows\system32\DelayAPO.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-04-04 11:29 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-04-04 11:29 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-04-04 11:29 1722488 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328] "360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2011-11-30 5328672] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-09-13 3341464] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "Jomantha"="c:\program files (x86)\n52te\razerhid.exe" [2007-12-12 163840] "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2011-08-24 284024] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-03-20 607592] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-14 642656] . c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Doug\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736] Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-11-13 3359712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" . R2 atnthost;WebEx Remote Access Agent;c:\programdata\WebEx\WebEx\319\atnthost.exe [2013-03-19 21520] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [x] R3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys [2011-09-22 59224] R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys [2012-04-04 201008] R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208] R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [2010-06-17 172040] R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-28 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376] R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R4 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys [2012-04-04 51504] S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys [2012-04-04 61232] S0 mounthlp;Mounter helper driver for HFS+ volumes;c:\windows\system32\DRIVERS\mounthlp.sys [2012-04-04 46384] S1 AmgHips;AmgHips;c:\windows\System32\Drivers\AmgHips.sys [2011-11-30 31008] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 23464] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-14 240640] S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880] S2 apmwinsrv;Paragon APM service;c:\program files (x86)\Paragon Software\HFS+ for Windows 8.0\apmwinsrv.exe [2012-04-04 67376] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912] S2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-02-10 91432] S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys [2012-04-04 16176] S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15 1871032] S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-01-15 96768] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2013-03-04 22016] S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2013-03-04 117248] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . --- Other Services/Drivers In Memory --- . *Deregistered* - KL1 *Deregistered* - Vsdatant . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 02:40] . 2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 00:24] . 2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 00:24] . 2013-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3185252367-1272832353-3625531396-1000Core.job - c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-03 16:00] . 2013-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3185252367-1272832353-3625531396-1000UA.job - c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-03 16:00] . 2013-04-07 c:\windows\Tasks\SDMsgUpdate (TE).job - c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-05-09 17:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-04-04 11:29 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-04-04 11:29 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-04-04 11:29 2324600 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272] "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888 IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: MasterCook: Select Image - c:\users\Doug\AppData\LocalLow\MasterCook Web Import\MCIEContext.hta IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://backoffice.liveviridian.com/Associate/Reserved.ReportViewerWebControl.axd?ReportSession=etu4rfagnkcx0zmlktszw255&ControlID=8455571ca11f4dffbb4847d0da48a968&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z178&ocid=zdhp&install_date=20111229 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-Raagtx - c:\programdata\WebEx\WebEx\319\raagtx.exe WebBrowser-{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3185252367-1272832353-3625531396-1000\Software\SecuROM\License information*] "datasecu"=hex:46,63,3b,45,73,19,11,40,8d,ee,e9,7e,00,34,d8,d2,d0,29,ec,b3,0b, 78,e2,e3,2b,a3,ad,de,60,66,d7,19,4e,94,b8,65,6e,d4,ae,d9,2c,a8,54,ee,43,25,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-07 17:37:24 ComboFix-quarantined-files.txt 2013-04-07 21:37 . Pre-Run: 42,349,748,224 bytes free Post-Run: 42,623,610,880 bytes free . - - End Of File - - 0E6DEE569C7BF8F70F5B79BBF04E75E9

Hey Gringo, PS. MS Security Essentials Keeps popping up with an alert for "RemoteAccess:Win32/TightVNC" and when I try to have it removed, it shows an error in MS Sec Essentials. Thanks. Doug

Hey Gringo, Thanks in advance for all of your help! FYI, that I have not internet connectivity from the infected PC due to the virus I have. Working from a laptop to provide you the details here. Here are the logs from the 3 programs you asked me to run: Sec Check: Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Malwarebytes Anti-Malware version 1.70.0.1100 HijackThis 2.0.2 Mozilla Firefox 19.0.2 Firefox out of Date! Google Chrome 25.0.1364.172 Google Chrome 26.0.1410.43 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Seagate DriveSettings Sync SeagateDriveSettingsService.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` ---------------------------------------------------------------------- AdAware: # AdwCleaner v2.200 - Logfile created 04/07/2013 at 08:17:47 # Updated 02/04/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Doug - OFFICE # Boot Mode : Normal # Running from : C:\Users\Doug\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Registry is clean. -\\ Mozilla Firefox v19.0.2 (en-US) File : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\prefs.js [OK] File is clean. File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\prefs.js [OK] File is clean. -\\ Google Chrome v26.0.1410.43 File : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [33455 octets] - [12/03/2013 13:14:51] AdwCleaner[R2].txt - [2342 octets] - [07/04/2013 08:16:56] AdwCleaner[s1].txt - [33795 octets] - [12/03/2013 20:52:32] AdwCleaner[s2].txt - [2311 octets] - [07/04/2013 08:17:47] ########## EOF - C:\AdwCleaner[s2].txt - [2371 octets] ########## --------------------------------------- AdAware: RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Doug [Admin rights] Mode : Remove -- Date : 04/07/2013 08:32:22 | ARK || FAK || MBR | ¤¤¤ Bad processes : 3 ¤¤¤ [sUSP PATH] atnthost.exe -- C:\ProgramData\WebEx\WebEx\319\atnthost.exe [7] -> KILLED [TermProc] [sUSP PATH] raagtapp.exe -- C:\ProgramData\WebEx\WebEx\319\raagtapp.exe [7] -> KILLED [TermProc] [sUSP PATH] rapanel.exe -- C:\ProgramData\WebEx\WebEx\319\rapanel.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Raagtx (C:\ProgramData\WebEx\WebEx\319\raagtx.exe) [x] -> DELETED [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8888;hxxps=127.0.0.1:8888) -> NOT REMOVED, USE PROXYFIX [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> D:\Documents and Settings\Admin\NTUSER.DAT -> D:\Documents and Settings\All Users\NTUSER.DAT -> D:\Documents and Settings\Chuck\NTUSER.DAT -> D:\Documents and Settings\Default User\NTUSER.DAT -> D:\Documents and Settings\Guest\NTUSER.DAT -> D:\Documents and Settings\Jack\NTUSER.DAT -> D:\Documents and Settings\Kayla\NTUSER.DAT ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++ --- User --- [MBR] 25fa57c908a4c1694443993f6b5aeadb [bSP] 463382accf8021881acc9074f0119ecc : Empty MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: Maxtor 6 Y160P0 SCSI Disk Device +++++ --- User --- [MBR] c529b8f3b9eb62aa9204993501bef13a [bSP] 678773cd8b953f2944434ede1bc558d9 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131069 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive2: WDC WD80 0BB-00BS SCSI Disk Device +++++ --- User --- [MBR] 7abdda59174bb09fe18e8b631807b7ea [bSP] 0547ea5b19154764850b4367bc802266 : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive3: Multiple Card Reader USB Device +++++ --- User --- [MBR] 8a4a3f84a9eda68451f8bdccda84c484 [bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code Partition table: 0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_D_04072013_02d0832.txt >> RKreport[1]_S_04072013_02d0829.txt ; RKreport[2]_D_04072013_02d0832.txt

Hey Folks, Was infected with a Trojan about a month ago and you kind folks helped me clear it up. Well, looks like I am infected again. Here are the DDS log files. Any help you can lend would be appreciated. Thanks. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 Run by Doug at 19:03:23 on 2013-04-06 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6018 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe C:\Program Files (x86)\Paragon Software\HFS+ for Windows 8.0\apmwinsrv.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\ProgramData\WebEx\WebEx\319\atnthost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\ProgramData\WebEx\WebEx\319\RAAGTAPP.EXE C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Windows\system32\taskhost.exe C:\PROGRA~3\WebEx\WebEx\319\RaPanel.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe C:\Program Files (x86)\ASUS\AASP\1.00.81\aaCenter.exe C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe C:\Program files\360Amigo\360Amigo.exe C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe C:\Program Files (x86)\n52te\razerhid.exe C:\Users\Doug\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\n52te\razertra.exe C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uProxyServer = hxxp=127.0.0.1:8888;https=127.0.0.1:8888 uProxyOverride = <-loopback> BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned> BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: MasterCook Bar: {C92041C1-6D22-4069-BA0E-66246AA752B0} - C:\Windows\SysWOW64\shdocvw.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [360Amigo] "C:\Program files\360Amigo\360Amigo.exe" -autorun uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [Jomantha] "C:\Program Files (x86)\n52te\razerhid.exe" mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun StartupFolder: C:\Users\Doug\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Doug\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Doug\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: MasterCook: Select Image - C:\Users\Doug\AppData\LocalLow\MasterCook Web Import\MCIEContext.hta IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {E6EF5071-7647-4E85-9785-87B6CF5CB561} - {C92041C1-6D22-4069-BA0E-66246AA752B0} DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://backoffice.liveviridian.com/Associate/Reserved.ReportViewerWebControl.axd?ReportSession=etu4rfagnkcx0zmlktszw255&ControlID=8455571ca11f4dffbb4847d0da48a968&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://blacklabimaging.lifepics.com/net/Uploader/LPUploader57.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{8DE6B9AB-10BB-4FF1-8395-3F7752C45687} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{C7135B2E-AC51-45DA-841C-4000DE37A853} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe x64-Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe x64-Run: [intelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [soundMax] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned> x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\516\G2AWinLogon_x64.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z178&ocid=zdhp&install_date=20111229 FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\npspwrap.dll FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll FF - plugin: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npatgpc.dll . ============= SERVICES / DRIVERS =============== . R0 apmwin;apmwin;C:\Windows\System32\drivers\apmwin.sys [2012-7-6 51504] R0 gpt_loader;GUID Partition table support driver;C:\Windows\System32\drivers\gpt_loader.sys [2012-7-6 61232] R0 mounthlp;Mounter helper driver for HFS+ volumes;C:\Windows\System32\drivers\mounthlp.sys [2012-7-6 46384] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 AmgHips;AmgHips;C:\Windows\System32\drivers\AmgHips.sys [2011-11-30 31008] R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\elrawdsk.sys [2009-5-23 23464] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-14 240640] R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-8-24 21880] R2 apmwinsrv;Paragon APM service;C:\Program Files (x86)\Paragon Software\HFS+ for Windows 8.0\apmwinsrv.exe [2012-4-4 67376] R2 atnthost;WebEx Remote Access Agent;C:\ProgramData\WebEx\WebEx\319\atnthost.exe [2010-7-16 21520] R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-7-6 2304912] R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-2-10 91432] R2 HfsplusRec;HfsplusRec;C:\Windows\System32\drivers\hfsplusrec.sys [2012-7-6 16176] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-24 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-24 682344] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008] R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-1-31 1871032] R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-3-22 29288] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-1-15 96768] R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\System32\drivers\ffusb2audio.sys [2012-12-22 59224] R3 JmtFltr;n52te;C:\Windows\System32\drivers\JmtFltr.sys [2008-10-17 46464] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-3-11 24176] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-3-4 22016] R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-3-4 117248] R3 SaiK0836;SaiK0836;C:\Windows\System32\drivers\SaiK0836.sys [2010-6-17 172040] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [?] S3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [?] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-21 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 Hfsplus;Hfsplus;C:\Windows\System32\drivers\hfsplus.sys [2012-7-6 201008] S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952] S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-14 19456] S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-9-12 24064] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-14 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-28 1255736] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?] S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-5-17 20376] S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S4 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440] S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-04-06 03:05:37 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5AA95F2-1430-4F0D-8E08-C7E5590C71DF}\offreg.dll 2013-04-06 01:27:20 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5AA95F2-1430-4F0D-8E08-C7E5590C71DF}\mpengine.dll 2013-04-06 01:15:27 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-04 12:23:43 -------- d-----w- C:\Users\Doug\AppData\Local\Diagnostics 2013-03-29 22:33:05 -------- d-----w- C:\Users\Doug\AppData\Roaming\REAPER 2013-03-29 22:32:39 -------- d-----w- C:\Program Files\REAPER (x64) 2013-03-27 04:20:04 116800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll 2013-03-26 12:25:40 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-03-22 13:13:52 742400 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll 2013-03-21 02:31:08 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-03-21 02:31:06 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{655FEFDA-1D52-4DC3-BE9E-CF56E98F2FD5}\gapaengine.dll 2013-03-20 15:26:15 -------- d-----w- C:\Program Files\Apowersoft 2013-03-20 08:45:28 56832 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll 2013-03-20 08:45:28 148480 ----a-w- C:\Windows\SysWow64\rztouchdll.dll 2013-03-20 08:45:20 245248 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll 2013-03-19 02:45:10 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-03-19 02:45:03 -------- d-----w- C:\Program Files (x86)\AMD APP 2013-03-16 22:53:01 -------- d-----w- C:\Users\Doug\AppData\Roaming\SumatraPDF 2013-03-16 22:52:57 -------- d-----w- C:\Program Files (x86)\SumatraPDF 2013-03-14 21:19:30 78432 ----a-w- C:\Windows\System32\atimpc64.dll 2013-03-14 21:19:30 78432 ----a-w- C:\Windows\System32\amdpcom64.dll 2013-03-14 21:19:30 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2013-03-14 21:19:30 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2013-03-14 21:19:24 113464 ----a-w- C:\Windows\System32\atiu9p64.dll 2013-03-14 21:19:02 5034792 ----a-w- C:\Windows\System32\atiumd6a.dll 2013-03-14 21:19:00 6980480 ----a-w- C:\Windows\System32\atiumd64.dll 2013-03-14 21:17:16 11613184 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2013-03-14 21:06:10 222720 ----a-w- C:\Windows\System32\clinfo.exe 2013-03-14 21:05:50 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll 2013-03-14 21:05:46 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2013-03-14 21:05:42 64000 ----a-w- C:\Windows\System32\OVDecode64.dll 2013-03-14 21:05:38 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2013-03-14 21:05:28 29149696 ----a-w- C:\Windows\System32\amdocl64.dll 2013-03-14 21:03:32 23810048 ----a-w- C:\Windows\SysWow64\amdocl.dll 2013-03-14 21:01:46 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2013-03-14 21:01:42 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2013-03-14 20:55:26 5067264 ----a-w- C:\Windows\System32\amdsc64.dll 2013-03-14 20:55:22 4083200 ----a-w- C:\Windows\SysWow64\amdsc.dll 2013-03-14 20:47:54 24090112 ----a-w- C:\Windows\System32\atio6axx.dll 2013-03-14 20:47:08 77312 ----a-w- C:\Windows\System32\coinst_12.10.17.dll 2013-03-14 20:44:30 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2013-03-14 20:42:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2013-03-14 20:42:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2013-03-14 20:42:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2013-03-14 20:42:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2013-03-14 20:41:50 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll 2013-03-14 20:37:36 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2013-03-14 20:31:50 19864064 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2013-03-14 20:21:40 442368 ----a-w- C:\Windows\System32\atidemgy.dll 2013-03-14 20:21:30 561152 ----a-w- C:\Windows\System32\atieclxx.exe 2013-03-14 20:20:42 240640 ----a-w- C:\Windows\System32\atiesrxx.exe 2013-03-14 20:19:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2013-03-14 20:19:08 25600 ----a-w- C:\Windows\System32\atimuixx.dll 2013-03-14 20:19:04 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2013-03-14 20:18:58 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2013-03-14 19:56:46 630272 ----a-w- C:\Windows\System32\atiadlxx.dll 2013-03-14 19:56:36 425984 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2013-03-14 19:56:20 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2013-03-14 19:56:18 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2013-03-14 19:56:18 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2013-03-14 19:56:14 44032 ----a-w- C:\Windows\System32\atig6txx.dll 2013-03-14 19:56:06 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2013-03-14 19:55:58 576000 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2013-03-14 19:51:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2013-03-14 16:24:05 -------- d-sh--w- C:\$RECYCLE.BIN 2013-03-14 02:40:13 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-13 01:37:55 -------- d-----w- C:\Windows\ERUNT 2013-03-13 01:37:42 -------- d-----w- C:\JRT 2013-03-12 16:07:58 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2013-03-12 16:07:49 -------- d-----w- C:\Program Files\Microsoft Security Client . ==================== Find3M ==================== . 2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe 2013-03-19 01:54:44 226832 ----a-w- C:\Windows\SysWow64\ataskernel.exe 2013-03-14 21:19:26 139696 ----a-w- C:\Windows\System32\atiuxp64.dll 2013-03-14 21:19:24 118584 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2013-03-14 21:19:22 92304 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2013-03-14 21:19:22 1150120 ----a-w- C:\Windows\System32\aticfx64.dll 2013-03-14 21:19:20 968864 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2013-03-14 21:19:18 8271088 ----a-w- C:\Windows\System32\atidxx64.dll 2013-03-14 21:19:14 7232824 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2013-03-14 21:19:10 4474984 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2013-03-14 21:19:06 5940656 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2013-03-14 02:40:12 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-04 06:48:30 22016 ----a-w- C:\Windows\System32\drivers\rzendpt.sys 2013-03-04 06:48:30 117248 ----a-w- C:\Windows\System32\drivers\rzudd.sys 2013-02-22 13:59:12 829264 ----a-w- C:\Windows\System32\msvcr100.dll 2013-02-22 13:59:12 608080 ----a-w- C:\Windows\System32\msvcp100.dll 2013-02-22 09:13:58 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll 2013-02-22 09:13:58 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-08 02:44:08 175864 ---ha-w- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll 2013-02-08 02:44:06 429816 ---ha-w- C:\Windows\SysWow64\BytescoutScreenCapturing.dll 2013-02-08 02:44:06 261880 ---ha-w- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll 2013-02-08 02:44:06 231672 ---ha-w- C:\Windows\System32\BytescoutVideoMixerFilter.dll 2013-02-08 02:44:04 584952 ---ha-w- C:\Windows\System32\BytescoutScreenCapturing.dll 2013-02-08 02:44:04 372984 ---ha-w- C:\Windows\System32\BytescoutScreenCapturingFilter.dll 2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-20 19:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-01-20 19:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-01-15 10:11:26 96768 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys 2013-01-15 10:11:12 110080 ----a-w- C:\Windows\System32\DelayAPO.dll . ============= FINISH: 19:04:18.09 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 11/27/2010 8:16:25 AM System Uptime: 4/5/2013 9:14:25 PM (22 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5E3 Deluxe Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz | LGA775 | 2997/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 466 GiB total, 40.242 GiB free. D: is FIXED (NTFS) - 128 GiB total, 28.132 GiB free. E: is Removable F: is CDROM () G: is FIXED (FAT32) - 75 GiB total, 33.945 GiB free. H: is FIXED (NTFS) - 2794 GiB total, 2490.501 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: 802.11n Network Adapter Device ID: USB\VID_0B05&PID_1742\1.0 Manufacturer: ASUSTeK Computer Inc. Name: 802.11n Network Adapter PNP Device ID: USB\VID_0B05&PID_1742\1.0 Service: netr28ux . Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318} Description: Standard PS/2 Keyboard Device ID: ACPI\PNP0303\4&23F9C1E3&0 Manufacturer: (Standard keyboards) Name: Standard PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0 Service: i8042prt . Class GUID: Description: Perfection610 Device ID: USB\VID_04B8&PID_0103\7&1F75A293&0&3 Manufacturer: Name: Perfection610 PNP Device ID: USB\VID_04B8&PID_0103\7&1F75A293&0&3 Service: . ==== System Restore Points =================== . RP404: 4/3/2013 8:52:44 PM - Windows Update RP405: 4/4/2013 8:27:50 AM - Restore Operation RP406: 4/4/2013 8:50:16 AM - Windows Update RP407: 4/5/2013 8:52:51 PM - Restore Operation . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 360Amigo System Speedup PRO 3ivx MPEG-4 5.0.3 (remove only) 64 Bit HP CIO Components Installer Ableton Live 8 Acrobat.com ActiveHome Pro Adobe AIR Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Photoshop Lightroom 3.6 64-bit Adobe Photoshop Lightroom 4.3 64-bit AI Direct Link AI Suite Altitude AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update Aria ASIO4ALL ASUSUpdate Audio Terminator 1.00 Authorizer 2.0.1 Authorizer Ignition Key Support Avery Wizard 3.1 Bass Station 1.9 Battlefield 3™ Battlefield: Bad Company 2 Battlelog Web Plugins Bing Bar Bing Rewards Client Installer Bonjour BufferChm Bullzip PDF Printer 7.1.0.1159 Call of Duty 4: Modern Warfare Call of Duty® 4 - Modern Warfare Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer Call of Duty: Black Ops II Call of Duty: Black Ops II - Multiplayer Call of Duty: Black Ops II - Zombies Call of Duty: Modern Warfare 2 - Multiplayer Call of Duty: Modern Warfare 3 Call of Duty: Modern Warfare 3 - Multiplayer Call of Duty: World at War CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.10 Canon Utilities EOS Sample Music Canon Utilities EOS Utility Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX Canon Utilities Movie Uploader for YouTube Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco Connect Cisco Network Magic Cisco WebEx Meetings Click'N Design 3D (V5) (Help File Patch Applied) ClubWPT Collab Content Manager Assistant for PlayStation® Copy Coupon Companion Creative ALchemy (X-Fi Edition) Creative Audio Control Panel Creative MediaSource 5 Creative Software AutoUpdate Creative System Information Creative USB Headsets CustomerResearchQFolder D3DX10 Dell Driver Download Manager Destination Component DeviceDiscovery DeviceManagementQFolder Digital Combat Simulator: A-10C Warthog DJ_AIO_03_F2200_ProductContext DJ_AIO_03_F2200_Software DJ_AIO_03_F2200_Software_Min Driver Sweeper version 3.2.0 Dropbox EaseUS Data Recovery Wizard Free Edition 5.6.1 EasyBits GO eFax Messenger ERUNT 1.1j ESN Sonar eSupportQFolder Express Burn Express Gate Updater Express Rip Eye-Fi Center 3.4 F2200 F2200_Help File Scavenger 4.0 (en) FL Studio 8 FlipShare Focusrite USB 2.0 Audio Driver 2.2 Google Chrome Google Toolbar for Internet Explorer Google Update Helper GoToAssist 8.0.0.516 GPBaseService GPL Ghostscript Lite 8.70 HDView for Internet Explorer HijackThis 2.0.2 Host OpenAL Host OpenAL (ADI) HP Customer Participation Program 10.0 HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 HP Imaging Device Functions 10.0 HP Photosmart Essential 2.5 HP Smart Web Printing HP Solution Center 10.0 HP Update HPProductAssistant HPSSupply iCloud IL Download Manager iTunes JMB36X Raid Configurer Junk Mail filter update KarAll version 1.25.0(2) Karaoke for DirectX (remove only) Karaoki KRocks6-User-27032011 V6 Left 4 Dead Left 4 Dead 2 LightScribe System Software 1.10.13.1 Line 6 Uninstaller Live 7.0.18 Live 8.0.9 Logitech Harmony Remote Software 7 Malwarebytes Anti-Malware version 1.70.0.1100 MarketResearch Marvell Miniport Driver MasterCook 11 Medal of Honor Multiplayer Medal of Honor Single Player MediaWidget 6.0 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Default Manager Microsoft Mouse and Keyboard Center Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel Viewer 2003 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2013 - en-us Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Store Download Manager Microsoft UI Engine Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MiniTool Power Data Recovery mIRC MixPad MobileMe Control Panel Mozilla Firefox 19.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) mytvpal TV revolution player 5.6.0 preview n52te Editor NCH Toolbox Nero 7 Essentials neroxml Netflix Movie Viewer Network Magic NVIDIA PhysX Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component Origin PandoraRecovery (Remove Only) Paragon HFS+ for Windows™ 9.0 PC Wizard 2008.1.871 Photo Pos Pro PoiZone Power Audio Recorder Pro 1.70 PowerChute Personal Edition 3.0.0.1 Print Server Driver PSSWCORE Punch! Home and Landscape Design Suite PunkBuster Services Pure Networks Platform QuickTime Razer Synapse 2.0 Realtek 8169 8168 8101E 8102E Ethernet Driver REAPER (x64) Reason Essentials 1.5.2 Reason Essentials Ignition Key Support Remote Control USB Driver Roblox Safari Saffire 2.7 Scan Seagate Drive Settings Installer Search Toolbar SeaTools for Windows Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Shop for HP Supplies Sibelius Scorch Plugin Skype Toolbars Skype™ 5.10 Smart Technology Programming Software 7.0.2.7 SmartDraw VP SmartWebPrintingOC SolutionCenter Sondle File Recovery Assist SoundMAX SPORE™ Status Steam SumatraPDF Switch Sound File Converter System Requirements Lab Team Fortress 2 Toolbox Toxic Biohazard TrayApp UnloadSupport Unreal Tournament 3 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VC 9.0 Runtime Video Download Capture V4.1.0 Video Download Capture V4.3.6 VideoToolkit01 Virtual Dj Studio 6.0 VirtualLab Client 6.0.24 WavePad Sound Editor WebEx Productivity Tools WebEx Support Manager for Internet Explorer WebReg Windows 7 Upgrade Advisor Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/22/2011 2.2.0.0) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 4/6/2013 1:39:25 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=RemoteAccess:Win32/TightVNC&threatid=13052 Name: RemoteAccess:Win32/TightVNC ID: 13052 Severity: Medium Category: Remote Control Software Path: containerfile:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe;containerfile:_D:\download\software\UBCD4WinV350.exe;file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006031);file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006035);file:_D:\download\software\UBCD4WinV350.exe->(inno#006031);file:_D:\download\software\UBCD4WinV350.exe->(inno#006035) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: Office\Doug Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.147.1189.0, AS: 1.147.1189.0, NIS: 18.160.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0 4/5/2013 9:55:12 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=RemoteAccess:Win32/TightVNC&threatid=13052 Name: RemoteAccess:Win32/TightVNC ID: 13052 Severity: Medium Category: Remote Control Software Path: containerfile:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe;containerfile:_D:\download\software\UBCD4WinV350.exe;file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006031);file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006035);file:_D:\download\software\UBCD4WinV350.exe->(inno#006031);file:_D:\download\software\UBCD4WinV350.exe->(inno#006035) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: Office\Doug Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.147.1189.0, AS: 1.147.1189.0, NIS: 18.160.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0 4/5/2013 9:21:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 4/5/2013 9:19:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. 4/5/2013 9:17:22 PM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting. 4/5/2013 9:17:19 PM, Error: Service Control Manager [7022] - The Pure Networks Platform Service service hung on starting. 4/5/2013 9:17:12 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting. 4/5/2013 9:17:12 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4. 4/5/2013 9:15:27 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0 4/5/2013 5:16:10 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=RemoteAccess:Win32/TightVNC&threatid=13052 Name: RemoteAccess:Win32/TightVNC ID: 13052 Severity: Medium Category: Remote Control Software Path: containerfile:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe;containerfile:_D:\download\software\UBCD4WinV350.exe;file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006031);file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006035);file:_D:\download\software\UBCD4WinV350.exe->(inno#006031);file:_D:\download\software\UBCD4WinV350.exe->(inno#006035) Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: Office\Doug Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.147.1140.0, AS: 1.147.1140.0, NIS: 18.160.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0 4/5/2013 5:16:05 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=RemoteAccess:Win32/TightVNC&threatid=13052 Name: RemoteAccess:Win32/TightVNC ID: 13052 Severity: Medium Category: Remote Control Software Path: containerfile:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe;containerfile:_D:\download\software\UBCD4WinV350.exe;file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006031);file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006035);file:_D:\download\software\UBCD4WinV350.exe->(inno#006031);file:_D:\download\software\UBCD4WinV350.exe->(inno#006035) Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: Office\Doug Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.147.1140.0, AS: 1.147.1140.0, NIS: 18.160.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0 4/5/2013 11:17:43 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=RemoteAccess:Win32/TightVNC&threatid=13052 Name: RemoteAccess:Win32/TightVNC ID: 13052 Severity: Medium Category: Remote Control Software Path: containerfile:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe;containerfile:_D:\download\software\UBCD4WinV350.exe;file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006031);file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006035);file:_D:\download\software\UBCD4WinV350.exe->(inno#006031);file:_D:\download\software\UBCD4WinV350.exe->(inno#006035) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: Office\Doug Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.147.1189.0, AS: 1.147.1189.0, NIS: 18.160.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0 4/5/2013 11:17:38 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=RemoteAccess:Win32/TightVNC&threatid=13052 Name: RemoteAccess:Win32/TightVNC ID: 13052 Severity: Medium Category: Remote Control Software Path: containerfile:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe;containerfile:_D:\download\software\UBCD4WinV350.exe;file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006031);file:_C:\Users\Doug\Downloads\Software\bootcd\UBCD4WinV350.exe->(inno#006035);file:_D:\download\software\UBCD4WinV350.exe->(inno#006031);file:_D:\download\software\UBCD4WinV350.exe->(inno#006035) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: Office\Doug Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.147.1189.0, AS: 1.147.1189.0, NIS: 18.160.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0 4/4/2013 8:38:46 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0 . ==== End Of File ===========================

Thanks for all the help Maurice. Deeply appreciated.

Hey Maurice, Things are running faster. Here is the log file from the Combofix: ComboFix 13-03-12.02 - Doug 03/13/2013 10:49:09.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.4869 [GMT -4:00] Running from: c:\users\Doug\Downloads\ComboFix.exe AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Doug\GoToAssistDownloadHelper.exe c:\users\Doug\ResourceReader.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_OxFWLF . . ((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 ))))))))))))))))))))))))))))))) . . 2013-03-13 11:29 . 2013-02-07 20:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44AE827F-313A-48FF-9495-1299C2D89F78}\mpengine.dll 2013-03-13 01:37 . 2013-03-13 01:37 -------- d-----w- c:\windows\ERUNT 2013-03-13 01:37 . 2013-03-13 01:37 -------- d-----w- C:\JRT 2013-03-12 17:09 . 2013-03-12 17:09 -------- d-----w- c:\program files (x86)\ERUNT 2013-03-12 16:07 . 2013-03-12 16:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-03-12 16:07 . 2013-03-12 16:08 -------- d-----w- c:\program files\Microsoft Security Client 2013-03-01 10:14 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA3B4D44-1E86-4BE5-B85D-D7409C76372B}\mpengine.dll 2013-02-25 16:30 . 2013-02-25 16:30 150600 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 2013-02-25 16:30 . 2013-02-25 16:30 1274456 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\pidgenx.dll 2013-02-22 09:13 . 2013-02-22 09:13 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll 2013-02-22 09:13 . 2013-02-22 09:13 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-02-14 01:45 . 2013-02-14 01:45 -------- d-----w- c:\programdata\ATI 2013-02-13 14:54 . 2013-02-13 14:54 -------- d-----w- c:\program files (x86)\AMD AVT 2013-02-13 14:54 . 2013-02-13 14:54 -------- d-----w- c:\program files (x86)\AMD APP 2013-02-13 08:06 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 08:06 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 02:39 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 02:39 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 02:39 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 02:39 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 02:39 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 02:39 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 02:39 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 02:39 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 02:39 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 02:39 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 02:39 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 02:39 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 01:24 . 2011-01-01 17:56 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 01:11 . 2013-02-01 01:57 563312 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2013-02-12 05:45 . 2013-03-13 01:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 01:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 01:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 01:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 01:05 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 01:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-30 10:53 . 2009-10-02 21:49 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-20 19:59 . 2013-01-20 19:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 19:59 . 2013-01-20 19:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-04 04:43 . 2013-02-13 02:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-19 20:50 . 2012-07-28 04:09 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-12-19 20:45 . 2012-12-19 20:45 222720 ----a-w- c:\windows\system32\clinfo.exe 2012-12-19 20:44 . 2012-12-19 20:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-12-19 20:44 . 2012-12-19 20:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-12-19 20:44 . 2012-12-19 20:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll 2012-12-19 20:44 . 2012-12-19 20:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-12-19 20:44 . 2012-12-19 20:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll 2012-12-19 20:38 . 2012-12-19 20:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-12-19 20:34 . 2012-12-19 20:34 54784 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-19 20:34 . 2012-12-19 20:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll 2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll 2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll 2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-12-19 20:09 . 2012-07-28 02:15 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-12-19 20:08 . 2011-09-08 17:32 1151488 ----a-w- c:\windows\system32\aticfx64.dll 2012-12-19 20:06 . 2012-07-28 02:07 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-12-19 19:59 . 2012-07-28 01:41 5087744 ----a-w- c:\windows\system32\atiumd6a.dll 2012-12-19 19:57 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll 2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe 2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe 2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-12-19 19:49 . 2011-09-08 17:16 7370752 ----a-w- c:\windows\system32\atidxx64.dll 2012-12-19 19:44 . 2012-07-28 01:32 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-12-19 19:44 . 2012-07-28 01:25 6786560 ----a-w- c:\windows\system32\atiumd64.dll 2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-12-19 19:33 . 2012-07-28 01:15 619008 ----a-w- c:\windows\system32\atiadlxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-12-19 19:31 . 2011-09-08 16:52 130048 ----a-w- c:\windows\system32\atiuxp64.dll 2012-12-19 19:31 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-12-19 19:31 . 2012-07-28 01:13 104448 ----a-w- c:\windows\system32\atiu9p64.dll 2012-12-19 19:30 . 2012-07-28 01:13 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-12-16 17:11 . 2012-12-21 08:01 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 08:01 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 08:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 21:49 . 2010-03-12 02:24 24176 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-03-13 01:12 1722976 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-03-13 01:12 1722976 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-03-13 01:12 1722976 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328] "360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2011-11-30 5328672] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-09-13 3341464] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "Jomantha"="c:\program files (x86)\n52te\razerhid.exe" [2007-12-12 163840] "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2011-08-24 284024] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-12-11 338864] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] . c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Doug\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736] Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-11-13 3359712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [x] R3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys [2011-09-22 59224] R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys [2012-04-04 201008] R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208] R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [2010-06-17 172040] R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-28 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376] R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R4 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys [2012-04-04 51504] S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys [2012-04-04 61232] S0 mounthlp;Mounter helper driver for HFS+ volumes;c:\windows\system32\DRIVERS\mounthlp.sys [2012-04-04 46384] S1 AmgHips;AmgHips;c:\windows\System32\Drivers\AmgHips.sys [2011-11-30 31008] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 23464] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880] S2 apmwinsrv;Paragon APM service;c:\program files (x86)\Paragon Software\HFS+ for Windows 8.0\apmwinsrv.exe [2012-04-04 67376] S2 atnthost;WebEx Remote Access Agent;c:\programdata\WebEx\WebEx\319\atnthost.exe [2012-11-18 21072] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912] S2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-02-10 91432] S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys [2012-04-04 16176] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-02-25 1861288] S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2012-11-07 22016] S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-11-07 113664] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - KL1 *Deregistered* - Vsdatant . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 00:24] . 2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 00:24] . 2013-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3185252367-1272832353-3625531396-1000Core.job - c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-03 16:00] . 2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3185252367-1272832353-3625531396-1000UA.job - c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-03 16:00] . 2013-03-13 c:\windows\Tasks\SDMsgUpdate (TE).job - c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-05-09 17:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-03-13 01:12 2325624 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-03-13 01:12 2325624 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-03-13 01:12 2325624 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272] "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: MasterCook: Select Image - c:\users\Doug\AppData\LocalLow\MasterCook Web Import\MCIEContext.hta IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://backoffice.liveviridian.com/Associate/Reserved.ReportViewerWebControl.axd?ReportSession=etu4rfagnkcx0zmlktszw255&ControlID=8455571ca11f4dffbb4847d0da48a968&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z178&ocid=zdhp&install_date=20111229 FF - ExtSQL: 2013-02-02 15:31; crossriderapp4493@crossrider.com; c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\crossriderapp4493@crossrider.com . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-Raagtx - c:\programdata\WebEx\WebEx\319\raagtx.exe WebBrowser-{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3185252367-1272832353-3625531396-1000\Software\SecuROM\License information*] "datasecu"=hex:46,63,3b,45,73,19,11,40,8d,ee,e9,7e,00,34,d8,d2,d0,29,ec,b3,0b, 78,e2,e3,2b,a3,ad,de,60,66,d7,19,4e,94,b8,65,6e,d4,ae,d9,2c,a8,54,ee,43,25,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\progra~2\COMMON~1\X10\Common\X10nets.exe c:\progra~3\WebEx\WebEx\319\RaPanel.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe c:\program files (x86)\ASUS\AASP\1.00.81\aaCenter.exe c:\program files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe c:\program files (x86)\ASUS\AI Direct Link\AsShare.exe c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe . ************************************************************************** . Completion time: 2013-03-13 11:30:03 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-13 15:29 . Pre-Run: 62,097,162,240 bytes free Post-Run: 61,408,722,944 bytes free . - - End Of File - - 3CC2B5592CD436C2A70D6B4459BD7C76

Last Step: MBAM Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.12.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Doug :: OFFICE [administrator] Protection: Enabled 3/12/2013 10:06:30 PM mbam-log-2013-03-12 (22-06-30).txt Scan type: Full scan (C:\|D:\|G:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 1052682 Time elapsed: 2 hour(s), 55 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Behaviour looks stable, although start up times are longer for some reason. Waiting for your next instructions.

Step 3 Logs: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.1 (03.12.2013:1) OS: Windows 7 Ultimate x64 Ran by Doug on Tue 03/12/2013 at 21:38:01.54 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old" Successfully deleted: [File] C:\Users\Doug\AppData\Roaming\mozilla\firefox\profiles\z81p876x.default\searchplugins\bing-zugo.xml Successfully deleted the following from C:\Users\Doug\AppData\Roaming\mozilla\firefox\profiles\z81p876x.default\prefs.js user_pref("extensions.crossrider.bic", "13c9e2e9bc2a1b729e444423d18b7a86"); ~~~ Chrome Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pbkdpahkifcigckmhiafindmaflfifgm ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 03/12/2013 at 21:45:36.67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK, here we go. Step One and Two logs: Step One - ADW Cleaner Log # AdwCleaner v2.114 - Logfile created 03/12/2013 at 20:52:32 # Updated 05/03/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Doug - OFFICE # Boot Mode : Normal # Running from : C:\Users\Doug\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Doug\AppData\Local\Temp\Uninstall.exe Folder Deleted : C:\Program Files (x86)\Coupon Companion Folder Deleted : C:\Program Files (x86)\Search Toolbar Folder Deleted : C:\Users\Doug\AppData\Local\Coupon Companion Folder Deleted : C:\Users\Doug\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\ConduitCommon Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\CT3015261 Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\crossriderapp4493@crossrider.com Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\staged Folder Deleted : C:\Users\Jack\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\extensions\crossriderapp4493@crossrider.com ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457} Key Deleted : HKCU\Software\Zugo Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3015261 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442293} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445593} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446693} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. -\\ Mozilla Firefox v19.0 (en-US) File : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\prefs.js Deleted : user_pref("CT3015261..clientLogIsEnabled", false); Deleted : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT3015261.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT3015261.AppTrackingLastCheckTime", "Sun Jun 24 2012 00:03:18 GMT-0400 (Eastern Daylight[...] Deleted : user_pref("CT3015261.BrowserCompStateIsOpen_129958911685785597", true); Deleted : user_pref("CT3015261.CTID", "CT3015261"); Deleted : user_pref("CT3015261.CurrentServerDate", "2-3-2013"); Deleted : user_pref("CT3015261.DialogsAlignMode", "LTR"); Deleted : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sun Mar 10 2013 13:43:20 GMT-0400 (Eastern Daylig[...] Deleted : user_pref("CT3015261.DownloadReferralCookieData", ""); Deleted : user_pref("CT3015261.EMailNotifierPollDate", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Ti[...] Deleted : user_pref("CT3015261.EnableSearchHistory", false); Deleted : user_pref("CT3015261.EnableSearchSuggest", false); Deleted : user_pref("CT3015261.FirstServerDate", "11-8-2011"); Deleted : user_pref("CT3015261.FirstTime", true); Deleted : user_pref("CT3015261.FirstTimeFF3", true); Deleted : user_pref("CT3015261.FixPageNotFoundErrors", true); Deleted : user_pref("CT3015261.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT3015261.HasUserGlobalKeys", true); Deleted : user_pref("CT3015261.HomePageProtectorEnabled", false); Deleted : user_pref("CT3015261.Initialize", true); Deleted : user_pref("CT3015261.InitializeCommonPrefs", true); Deleted : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe"); Deleted : user_pref("CT3015261.InstallationType", "ConduitIntegration"); Deleted : user_pref("CT3015261.InstalledDate", "Wed Aug 10 2011 22:13:50 GMT-0400 (Eastern Daylight Time)"); Deleted : user_pref("CT3015261.IsAlertDBUpdated", true); Deleted : user_pref("CT3015261.IsGrouping", false); Deleted : user_pref("CT3015261.IsInitSetupIni", true); Deleted : user_pref("CT3015261.IsMulticommunity", false); Deleted : user_pref("CT3015261.IsOpenThankYouPage", false); Deleted : user_pref("CT3015261.IsOpenUninstallPage", false); Deleted : user_pref("CT3015261.LanguagePackLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Dayligh[...] Deleted : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT3015261.LastLogin_3.10.0.1", "Thu May 10 2012 11:07:52 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT3015261.LastLogin_3.12.2.3", "Mon Jun 11 2012 12:15:38 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT3015261.LastLogin_3.13.0.6", "Tue Aug 07 2012 15:54:41 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT3015261.LastLogin_3.14.1.0", "Fri Sep 28 2012 06:27:31 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT3015261.LastLogin_3.15.1.0", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT3015261.LastLogin_3.5.1.1", "Tue Aug 16 2011 09:15:11 GMT-0400 (Eastern Daylight Time)"[...] Deleted : user_pref("CT3015261.LastLogin_3.6.0.10", "Mon Oct 03 2011 05:59:25 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT3015261.LastLogin_3.7.0.6", "Sun Nov 13 2011 13:42:36 GMT-0500 (Eastern Standard Time)"[...] Deleted : user_pref("CT3015261.LastLogin_3.8.0.8", "Thu Dec 15 2011 08:10:25 GMT-0500 (Eastern Standard Time)"[...] Deleted : user_pref("CT3015261.LastLogin_3.8.1.0", "Mon Jan 16 2012 18:39:28 GMT-0500 (Eastern Standard Time)"[...] Deleted : user_pref("CT3015261.LastLogin_3.9.0.3", "Sat Mar 10 2012 08:03:25 GMT-0500 (Eastern Standard Time)"[...] Deleted : user_pref("CT3015261.LatestVersion", "3.18.0.7"); Deleted : user_pref("CT3015261.Locale", "en"); Deleted : user_pref("CT3015261.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT3015261.MCDetectTooltipShow", false); Deleted : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT3015261.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT3015261.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1"); Deleted : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Deleted : user_pref("CT3015261.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...] Deleted : user_pref("CT3015261.SearchInNewTabEnabled", true); Deleted : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Dayli[...] Deleted : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Deleted : user_pref("CT3015261.SearchProtectorEnabled", false); Deleted : user_pref("CT3015261.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT3015261.ServiceMapLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight [...] Deleted : user_pref("CT3015261.SettingsLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Ti[...] Deleted : user_pref("CT3015261.SettingsLastUpdate", "1362211242"); Deleted : user_pref("CT3015261.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Thu Feb 28 2013 18:22:05 GMT-0500 (Eastern Sta[...] Deleted : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1331805997"); Deleted : user_pref("CT3015261.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261"); Deleted : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT3015261.UserID", "UN29103747223576673"); Deleted : user_pref("CT3015261.ValidationData_Toolbar", 2); Deleted : user_pref("CT3015261.alertChannelId", "1406927"); Deleted : user_pref("CT3015261.approveUntrustedApps", false); Deleted : user_pref("CT3015261.backendstorage.extensions.alexa.lastshowprivacy", "31333539373732303436363936")[...] Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Deleted : user_pref("CT3015261.components.129506578327572375", false); Deleted : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Mon Mar 11 2013 08:57:35 GMT-0400 (Eastern [...] Deleted : user_pref("CT3015261.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT3015261.initDone", true); Deleted : user_pref("CT3015261.isAppTrackingManagerOn", false); Deleted : user_pref("CT3015261.myStuffEnabled", true); Deleted : user_pref("CT3015261.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT3015261.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...] Deleted : user_pref("CT3015261.revertSettingsEnabled", false); Deleted : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT3015261.searchProtectorEnableByLogin", true); Deleted : user_pref("CT3015261.testingCtid", ""); Deleted : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern D[...] Deleted : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Thu Feb 28 2013 18:22:08 GMT-0500 (Eastern S[...] Deleted : user_pref("CT3015261.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3015261/CT3015261[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/US", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"ef6[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Doug\\AppData\\Roaming\\Mozilla\\Fi[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3015261"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jan 25 2012 10:15:36 GMT-0500 (Eas[...] Deleted : user_pref("CommunityToolbar.globalUserId", "7e3c7ae0-607a-40d5-90f4-9d902fa8dad7"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261"); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Mar 10 2013 13:43:2[...] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Mar 11 2013 08:57:31 GMT-040[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", ""); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (E[...] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", ""); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "7057cd71-1cdb-4d27-b7ed-cf0161cd8546"); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1359837071); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...] Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false); Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false); Deleted : user_pref("extensions.crossriderapp4493.4493.active", true); Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n"); Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 37); Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true); Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1359837071"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1359837071"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1360549318"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1363103595"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221361906535%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221359648585%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1359863575343"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221322%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%2214019%22"); Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...] Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1359863536709"); Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion"); Deleted : user_pref("extensions.crossriderapp4493.4493.domain", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false); Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0); Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "83"); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0"); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D"); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D"); Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...] Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...] Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...] Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion"); Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 34); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 5); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jq[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo"); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2); Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...] Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...] Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 59); Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps"); Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0); Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false); Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", ""); Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360); Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 83); Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1); Deleted : user_pref("extensions.crossriderapp4493.apps", "4493"); Deleted : user_pref("extensions.crossriderapp4493.bic", "13c9e2e9bc2a1b729e444423d18b7a86"); Deleted : user_pref("extensions.crossriderapp4493.cid", 4493); Deleted : user_pref("extensions.crossriderapp4493.firstrun", false); Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true); Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1359863520); Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22716778); Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22716778); Deleted : user_pref("extensions.crossriderapp4493.modetype", "production"); Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true); Deleted : user_pref("extensions.crossriderapp4493.updating", true); Deleted : user_pref("extensions.enabledAddons", "%7B3ce45c4f-bfff-4988-9a3c-a75c1f491319%7D:3.15.1.0,crossride[...] Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=[...] File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\prefs.js Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1); -\\ Google Chrome v25.0.1364.97 File : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [33455 octets] - [12/03/2013 13:14:51] AdwCleaner[s1].txt - [33680 octets] - [12/03/2013 20:52:32] ########## EOF - C:\AdwCleaner[s1].txt - [33741 octets] ########## Step 2 - Rogue Killer RogueKiller V8.5.2 [Mar 9 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Doug [Admin rights] Mode : Remove -- Date : 03/12/2013 21:17:27 | ARK || FAK || MBR | ¤¤¤ Bad processes : 4 ¤¤¤ [sUSP PATH] atnthost.exe -- C:\ProgramData\WebEx\WebEx\319\atnthost.exe [7] -> KILLED [TermProc] [sUSP PATH] raagtapp.exe -- C:\ProgramData\WebEx\WebEx\319\raagtapp.exe [7] -> KILLED [TermProc] [sUSP PATH] rapanel.exe -- C:\ProgramData\WebEx\WebEx\319\rapanel.exe [7] -> KILLED [TermProc] [Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 8 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Raagtx (C:\ProgramData\WebEx\WebEx\319\raagtx.exe) [x] -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\n.) [x] -> REPLACED (C:\Windows\system32\wbem\fastprox.dll) [RUN][HJNAME] [ON_D:Chuck]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> DELETED [RUN][HJNAME] [ON_D:Guest]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> DELETED [RUN][HJNAME] [ON_D:Jack]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> DELETED [RUN][HJNAME] [ON_D:Kayla]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> DELETED ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> REMOVED [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\U --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\U --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\L --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\L --> REMOVED ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> D:\Documents and Settings\Admin\NTUSER.DAT -> D:\Documents and Settings\All Users\NTUSER.DAT -> D:\Documents and Settings\Chuck\NTUSER.DAT -> D:\Documents and Settings\Default User\NTUSER.DAT -> D:\Documents and Settings\Guest\NTUSER.DAT -> D:\Documents and Settings\Jack\NTUSER.DAT -> D:\Documents and Settings\Kayla\NTUSER.DAT ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++ --- User --- [MBR] 25fa57c908a4c1694443993f6b5aeadb [bSP] 463382accf8021881acc9074f0119ecc : MBR Code unknown Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: Maxtor 6 Y160P0 SCSI Disk Device +++++ --- User --- [MBR] c529b8f3b9eb62aa9204993501bef13a [bSP] 678773cd8b953f2944434ede1bc558d9 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131069 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive2: WDC WD80 0BB-00BS SCSI Disk Device +++++ --- User --- [MBR] 7abdda59174bb09fe18e8b631807b7ea [bSP] 0547ea5b19154764850b4367bc802266 : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[3]_D_03122013_02d2117.txt >> RKreport[1]_S_03122013_02d1430.txt ; RKreport[2]_S_03122013_02d2114.txt ; RKreport[3]_D_03122013_02d2117.txt

Given the balance between a complete reformat and programs that I don't have install software for, I will repair this and look to uninstall any financial related software onto a clean new system. Once cleaned up, I will keep my gaming and media/music/ect on this PC. Can that be done safely?

Wow.......sounds like major trouble. Unplugged the computer from the network. Given the PC has been down since the initial scans showed it found issues in the original logs, can we isolate that this happened on the 4th of March? Also, can we safely remove the issue? I am not sure if I got that impression from your last email.

Thanks Maurice. AdwCleaner Log: # AdwCleaner v2.114 - Logfile created 03/12/2013 at 13:14:51 # Updated 05/03/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Doug - OFFICE # Boot Mode : Normal # Running from : C:\Users\Doug\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Users\Doug\AppData\Local\Temp\Uninstall.exe Folder Found : C:\Program Files (x86)\Coupon Companion Folder Found : C:\Program Files (x86)\Search Toolbar Folder Found : C:\Users\Doug\AppData\Local\Coupon Companion Folder Found : C:\Users\Doug\AppData\LocalLow\Conduit Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\ConduitCommon Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\CT3015261 Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319} Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\crossriderapp4493@crossrider.com Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\crossriderapp4493@crossrider.com Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\staged Folder Found : C:\Users\Jack\AppData\LocalLow\Conduit Folder Found : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\extensions\crossriderapp4493@crossrider.com Folder Found : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\extensions\crossriderapp4493@crossrider.com ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\Toolbar Key Found : HKCU\Software\Cr_Installer Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457} Key Found : HKCU\Software\Zugo Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3015261 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441193} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442293} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445593} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446693} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593} Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693} Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Found : HKU\S-1-5-21-3185252367-1272832353-3625531396-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. -\\ Mozilla Firefox v19.0 (en-US) File : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\prefs.js Found : user_pref("CT3015261..clientLogIsEnabled", false); Found : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT3015261.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT3015261.AppTrackingLastCheckTime", "Sun Jun 24 2012 00:03:18 GMT-0400 (Eastern Daylight[...] Found : user_pref("CT3015261.BrowserCompStateIsOpen_129958911685785597", true); Found : user_pref("CT3015261.CTID", "CT3015261"); Found : user_pref("CT3015261.CurrentServerDate", "2-3-2013"); Found : user_pref("CT3015261.DialogsAlignMode", "LTR"); Found : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sun Mar 10 2013 13:43:20 GMT-0400 (Eastern Daylig[...] Found : user_pref("CT3015261.DownloadReferralCookieData", ""); Found : user_pref("CT3015261.EMailNotifierPollDate", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Ti[...] Found : user_pref("CT3015261.EnableSearchHistory", false); Found : user_pref("CT3015261.EnableSearchSuggest", false); Found : user_pref("CT3015261.FirstServerDate", "11-8-2011"); Found : user_pref("CT3015261.FirstTime", true); Found : user_pref("CT3015261.FirstTimeFF3", true); Found : user_pref("CT3015261.FixPageNotFoundErrors", true); Found : user_pref("CT3015261.GroupingServerCheckInterval", 1440); Found : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT3015261.HasUserGlobalKeys", true); Found : user_pref("CT3015261.HomePageProtectorEnabled", false); Found : user_pref("CT3015261.Initialize", true); Found : user_pref("CT3015261.InitializeCommonPrefs", true); Found : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe"); Found : user_pref("CT3015261.InstallationType", "ConduitIntegration"); Found : user_pref("CT3015261.InstalledDate", "Wed Aug 10 2011 22:13:50 GMT-0400 (Eastern Daylight Time)"); Found : user_pref("CT3015261.IsAlertDBUpdated", true); Found : user_pref("CT3015261.IsGrouping", false); Found : user_pref("CT3015261.IsInitSetupIni", true); Found : user_pref("CT3015261.IsMulticommunity", false); Found : user_pref("CT3015261.IsOpenThankYouPage", false); Found : user_pref("CT3015261.IsOpenUninstallPage", false); Found : user_pref("CT3015261.LanguagePackLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Dayligh[...] Found : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT3015261.LastLogin_3.10.0.1", "Thu May 10 2012 11:07:52 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT3015261.LastLogin_3.12.2.3", "Mon Jun 11 2012 12:15:38 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT3015261.LastLogin_3.13.0.6", "Tue Aug 07 2012 15:54:41 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT3015261.LastLogin_3.14.1.0", "Fri Sep 28 2012 06:27:31 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT3015261.LastLogin_3.15.1.0", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT3015261.LastLogin_3.5.1.1", "Tue Aug 16 2011 09:15:11 GMT-0400 (Eastern Daylight Time)"[...] Found : user_pref("CT3015261.LastLogin_3.6.0.10", "Mon Oct 03 2011 05:59:25 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT3015261.LastLogin_3.7.0.6", "Sun Nov 13 2011 13:42:36 GMT-0500 (Eastern Standard Time)"[...] Found : user_pref("CT3015261.LastLogin_3.8.0.8", "Thu Dec 15 2011 08:10:25 GMT-0500 (Eastern Standard Time)"[...] Found : user_pref("CT3015261.LastLogin_3.8.1.0", "Mon Jan 16 2012 18:39:28 GMT-0500 (Eastern Standard Time)"[...] Found : user_pref("CT3015261.LastLogin_3.9.0.3", "Sat Mar 10 2012 08:03:25 GMT-0500 (Eastern Standard Time)"[...] Found : user_pref("CT3015261.LatestVersion", "3.18.0.7"); Found : user_pref("CT3015261.Locale", "en"); Found : user_pref("CT3015261.MCDetectTooltipHeight", "83"); Found : user_pref("CT3015261.MCDetectTooltipShow", false); Found : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT3015261.MCDetectTooltipWidth", "295"); Found : user_pref("CT3015261.MyStuffEnabledAtInstallation", true); Found : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1"); Found : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Found : user_pref("CT3015261.SearchFromAddressBarIsInit", true); Found : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...] Found : user_pref("CT3015261.SearchInNewTabEnabled", true); Found : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Dayli[...] Found : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Found : user_pref("CT3015261.SearchProtectorEnabled", false); Found : user_pref("CT3015261.SearchProtectorToolbarDisabled", false); Found : user_pref("CT3015261.ServiceMapLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight [...] Found : user_pref("CT3015261.SettingsLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Ti[...] Found : user_pref("CT3015261.SettingsLastUpdate", "1362211242"); Found : user_pref("CT3015261.ThirdPartyComponentsInterval", 504); Found : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Thu Feb 28 2013 18:22:05 GMT-0500 (Eastern Sta[...] Found : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1331805997"); Found : user_pref("CT3015261.ToolbarShrinkedFromSetup", false); Found : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261"); Found : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT3015261.UserID", "UN29103747223576673"); Found : user_pref("CT3015261.ValidationData_Toolbar", 2); Found : user_pref("CT3015261.alertChannelId", "1406927"); Found : user_pref("CT3015261.approveUntrustedApps", false); Found : user_pref("CT3015261.backendstorage.extensions.alexa.lastshowprivacy", "31333539373732303436363936")[...] Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...] Found : user_pref("CT3015261.components.129506578327572375", false); Found : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Mon Mar 11 2013 08:57:35 GMT-0400 (Eastern [...] Found : user_pref("CT3015261.homepageProtectorEnableByLogin", true); Found : user_pref("CT3015261.initDone", true); Found : user_pref("CT3015261.isAppTrackingManagerOn", false); Found : user_pref("CT3015261.myStuffEnabled", true); Found : user_pref("CT3015261.myStuffPublihserMinWidth", 400); Found : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT3015261.myStuffServiceIntervalMM", 1440); Found : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...] Found : user_pref("CT3015261.revertSettingsEnabled", false); Found : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT3015261.searchProtectorEnableByLogin", true); Found : user_pref("CT3015261.testingCtid", ""); Found : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern D[...] Found : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Thu Feb 28 2013 18:22:08 GMT-0500 (Eastern S[...] Found : user_pref("CT3015261.usagesFlag", 2); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3015261/CT3015261[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/US", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"ef6[...] Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Doug\\AppData\\Roaming\\Mozilla\\Fi[...] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Found : user_pref("CommunityToolbar.ToolbarsList", "CT3015261"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261"); Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jan 25 2012 10:15:36 GMT-0500 (Eas[...] Found : user_pref("CommunityToolbar.globalUserId", "7e3c7ae0-607a-40d5-90f4-9d902fa8dad7"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261"); Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Mar 10 2013 13:43:2[...] Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Mar 11 2013 08:57:31 GMT-040[...] Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.notifications.locale", ""); Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0); Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (E[...] Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", ""); Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.notifications.userId", "7057cd71-1cdb-4d27-b7ed-cf0161cd8546"); Found : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true); Found : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1359837071); Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...] Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false); Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false); Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false); Found : user_pref("extensions.crossriderapp4493.4493.active", true); Found : user_pref("extensions.crossriderapp4493.4493.addressbar", ""); Found : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", ""); Found : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n"); Found : user_pref("extensions.crossriderapp4493.4493.backgroundver", 37); Found : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true); Found : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", ""); Found : user_pref("extensions.crossriderapp4493.4493.changeprevious", false); Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1359837071"); Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1359837071"); Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1360549318"); Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1363103595"); Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221361906535%22"); Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22"); Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221359648585%22"); Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22"); Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1359863575343"); Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221322%22"); Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%2214019%22"); Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...] Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1359863536709"); Found : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion"); Found : user_pref("extensions.crossriderapp4493.4493.domain", ""); Found : user_pref("extensions.crossriderapp4493.4493.enablesearch", false); Found : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", ""); Found : user_pref("extensions.crossriderapp4493.4493.group", 0); Found : user_pref("extensions.crossriderapp4493.4493.homepage", ""); Found : user_pref("extensions.crossriderapp4493.4493.iframe", false); Found : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...] Found : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...] Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...] Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "83"); Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...] Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0"); Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...] Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D"); Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...] Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D"); Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...] Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...] Found : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...] Found : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...] Found : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...] Found : user_pref("extensions.crossriderapp4493.4493.manifesturl", ""); Found : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion"); Found : user_pref("extensions.crossriderapp4493.4493.newtab", ""); Found : user_pref("extensions.crossriderapp4493.4493.opensearch", ""); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 34); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 5); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jq[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo"); Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2); Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...] Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72"); Found : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...] Found : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 59); Found : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps"); Found : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0); Found : user_pref("extensions.crossriderapp4493.4493.setnewtab", false); Found : user_pref("extensions.crossriderapp4493.4493.settingsurl", ""); Found : user_pref("extensions.crossriderapp4493.4493.thankyou", ""); Found : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360); Found : user_pref("extensions.crossriderapp4493.4493.ver", 83); Found : user_pref("extensions.crossriderapp4493.adsOldValue", -1); Found : user_pref("extensions.crossriderapp4493.apps", "4493"); Found : user_pref("extensions.crossriderapp4493.bic", "13c9e2e9bc2a1b729e444423d18b7a86"); Found : user_pref("extensions.crossriderapp4493.cid", 4493); Found : user_pref("extensions.crossriderapp4493.firstrun", false); Found : user_pref("extensions.crossriderapp4493.hadappinstalled", true); Found : user_pref("extensions.crossriderapp4493.installationdate", 1359863520); Found : user_pref("extensions.crossriderapp4493.lastcheck", 22716778); Found : user_pref("extensions.crossriderapp4493.lastcheckitem", 22716778); Found : user_pref("extensions.crossriderapp4493.modetype", "production"); Found : user_pref("extensions.crossriderapp4493.reportInstall", true); Found : user_pref("extensions.crossriderapp4493.updating", true); Found : user_pref("extensions.enabledAddons", "%7B3ce45c4f-bfff-4988-9a3c-a75c1f491319%7D:3.15.1.0,crossride[...] Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=[...] File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\prefs.js Found : user_pref("extensions.crossriderapp4493.adsOldValue", -1); -\\ Google Chrome v25.0.1364.97 File : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [33340 octets] - [12/03/2013 13:14:51] ########## EOF - C:\AdwCleaner[R1].txt - [33401 octets] ########## TDS Killer: 14:25:30.0412 6732 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:25:30.0413 6732 WinUsb - ok 14:25:30.0466 6732 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:25:30.0471 6732 Wlansvc - ok 14:25:30.0601 6732 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:25:30.0602 6732 wlcrasvc - ok 14:25:30.0732 6732 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:25:30.0741 6732 wlidsvc - ok 14:25:30.0778 6732 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:25:30.0778 6732 WmiAcpi - ok 14:25:30.0821 6732 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:25:30.0822 6732 wmiApSrv - ok 14:25:30.0856 6732 WMPNetworkSvc - ok 14:25:30.0868 6732 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:25:30.0870 6732 WPCSvc - ok 14:25:30.0905 6732 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:25:30.0907 6732 WPDBusEnum - ok 14:25:31.0050 6732 WPFFontCache_v0400 - ok 14:25:31.0058 6732 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:25:31.0058 6732 ws2ifsl - ok 14:25:31.0060 6732 WSearch - ok 14:25:31.0137 6732 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:25:31.0148 6732 wuauserv - ok 14:25:31.0192 6732 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:25:31.0193 6732 WudfPf - ok 14:25:31.0245 6732 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:25:31.0246 6732 WUDFRd - ok 14:25:31.0280 6732 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:25:31.0282 6732 wudfsvc - ok 14:25:31.0322 6732 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 14:25:31.0325 6732 WwanSvc - ok 14:25:31.0417 6732 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe 14:25:31.0418 6732 x10nets - ok 14:25:31.0464 6732 [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys 14:25:31.0465 6732 XUIF - ok 14:25:31.0523 6732 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 14:25:31.0525 6732 yukonw7 - ok 14:25:31.0537 6732 ================ Scan global =============================== 14:25:31.0566 6732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:25:31.0598 6732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:25:31.0605 6732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:25:31.0648 6732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:25:31.0694 6732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:25:31.0697 6732 [Global] - ok 14:25:31.0697 6732 ================ Scan MBR ================================== 14:25:31.0699 6732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 14:25:31.0857 6732 \Device\Harddisk1\DR1 - ok 14:25:31.0859 6732 [ 7A94F4AB18D032050B74319E6245786F ] \Device\Harddisk2\DR2 14:25:31.0862 6732 \Device\Harddisk2\DR2 - ok 14:25:31.0873 6732 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 14:25:31.0876 6732 \Device\Harddisk0\DR0 - ok 14:25:31.0879 6732 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3 14:25:31.0882 6732 \Device\Harddisk3\DR3 - ok 14:25:31.0886 6732 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4 14:25:31.0892 6732 \Device\Harddisk4\DR4 - ok 14:25:31.0902 6732 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5 14:25:31.0913 6732 \Device\Harddisk5\DR5 - ok 14:25:31.0913 6732 ================ Scan VBR ================================== 14:25:31.0915 6732 [ 23CF7D0CE8FC71F96A098AF9864797F2 ] \Device\Harddisk1\DR1\Partition1 14:25:31.0916 6732 \Device\Harddisk1\DR1\Partition1 - ok 14:25:31.0917 6732 [ 4263DE27E40459E85CFB1E086BAF5459 ] \Device\Harddisk2\DR2\Partition1 14:25:31.0918 6732 \Device\Harddisk2\DR2\Partition1 - ok 14:25:31.0931 6732 [ 43588491E0F30094D42ECB794A8A77A5 ] \Device\Harddisk0\DR0\Partition1 14:25:31.0933 6732 \Device\Harddisk0\DR0\Partition1 - ok 14:25:31.0934 6732 [ 2A90819FD9F51ACF6AAD10E734A5C4B7 ] \Device\Harddisk3\DR3\Partition1 14:25:31.0935 6732 \Device\Harddisk3\DR3\Partition1 - ok 14:25:31.0938 6732 [ 345FF1C32A03DBED0C3DE54F5FEAAF77 ] \Device\Harddisk3\DR3\Partition2 14:25:31.0939 6732 \Device\Harddisk3\DR3\Partition2 - ok 14:25:31.0942 6732 [ C86464E30A702047DA22C48DDA5DC3E5 ] \Device\Harddisk4\DR4\Partition1 14:25:31.0943 6732 \Device\Harddisk4\DR4\Partition1 - ok 14:25:31.0946 6732 [ 56A94F02C80039E90636552A3370E776 ] \Device\Harddisk5\DR5\Partition1 14:25:31.0948 6732 \Device\Harddisk5\DR5\Partition1 - ok 14:25:31.0948 6732 ============================================================ 14:25:31.0948 6732 Scan finished 14:25:31.0948 6732 ============================================================ 14:25:31.0953 6456 Detected object count: 0 14:25:31.0953 6456 Actual detected object count: 0 Rogue Killer: RogueKiller V8.5.2 [Mar 9 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Doug [Admin rights] Mode : Scan -- Date : 03/12/2013 14:30:31 | ARK || FAK || MBR | ¤¤¤ Bad processes : 6 ¤¤¤ [sUSP PATH] atnthost.exe -- C:\ProgramData\WebEx\WebEx\319\atnthost.exe [7] -> KILLED [TermProc] [sUSP PATH] raagtapp.exe -- C:\ProgramData\WebEx\WebEx\319\raagtapp.exe [7] -> KILLED [TermProc] [sUSP PATH] rapanel.exe -- C:\ProgramData\WebEx\WebEx\319\rapanel.exe [7] -> KILLED [TermProc] [Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc] [Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc] [sUSP PATH] tdsskiller.exe -- C:\Users\Doug\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TV5R3SU9\tdsskiller.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 9 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Raagtx (C:\ProgramData\WebEx\WebEx\319\raagtx.exe) [x] -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\n.) [x] -> FOUND [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\n.) [x] -> FOUND [RUN][HJNAME] [ON_D:Chuck]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND [RUN][HJNAME] [ON_D:Guest]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND [RUN][HJNAME] [ON_D:Jack]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND [RUN][HJNAME] [ON_D:Kayla]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> FOUND [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\U --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\L --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> D:\Documents and Settings\Admin\NTUSER.DAT -> D:\Documents and Settings\All Users\NTUSER.DAT -> D:\Documents and Settings\Chuck\NTUSER.DAT -> D:\Documents and Settings\Default User\NTUSER.DAT -> D:\Documents and Settings\Guest\NTUSER.DAT -> D:\Documents and Settings\Jack\NTUSER.DAT -> D:\Documents and Settings\Kayla\NTUSER.DAT ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++ --- User --- [MBR] 25fa57c908a4c1694443993f6b5aeadb [bSP] 463382accf8021881acc9074f0119ecc : MBR Code unknown Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: Maxtor 6 Y160P0 SCSI Disk Device +++++ --- User --- [MBR] c529b8f3b9eb62aa9204993501bef13a [bSP] 678773cd8b953f2944434ede1bc558d9 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131069 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive2: WDC WD80 0BB-00BS SCSI Disk Device +++++ --- User --- [MBR] 7abdda59174bb09fe18e8b631807b7ea [bSP] 0547ea5b19154764850b4367bc802266 : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_03122013_02d1430.txt >> RKreport[1]_S_03122013_02d1430.txt Waiting for your next instructions.