Window command processor problem


Hello,

I have been experiencing problems with persistent Windows Command Processor pop-ups. Having read a few very useful threads on the forum, I tried fixing the problem with both Malwarebytes and ComboFix without much luck. I would really appreciate some help with this problem. Please find below two reports generated by DDS (in Safe Mode). Thank you very much in advance!

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by oh-dell at 12:26:21 on 2013-01-14

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8073.6751 [GMT 0:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [LightShot] C:\Users\oh-dell\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [DesktopReminder2ByPolenter] "C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe" -silent

uRun: [slwYpxjn] C:\Users\oh-dell\AppData\Local\jwdoylwk\slwypxjn.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\oh-dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\oh-dell\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slwypxjn.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: DisableCAD = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{F82C37F4-6194-4860-931B-E3BC6FF58EA2} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\oh-dell\AppData\Roaming\Mozilla\Firefox\Profiles\6kdblg5s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://fastestwebsearch.com/search?q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - blank

FF - prefs.js: keyword.URL - hxxp://fastestwebsearch.com/search?q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\oh-dell\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\oh-dell\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-29 09:56; fmconverter@gmail.com; C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

.

---- FIREFOX POLICIES ----

FF - user.js: capability.policy.policynames - allowclipboard

FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.criasaude.com.br/qsPortal/Edit.asp?N=2447&RN=2447&EditType=6

FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess

FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110811

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 8adbeecd000000000000180373d10f6d

FF - user.js: extensions.BabylonToolbar_i.hardId - 8adbeecd000000000000180373d10f6d

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15421

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:24:32

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=adknlg&q=

FF - user.js: extensions.funmoods_i.id - 8adbeecd000000000000180373d10f6d

FF - user.js: extensions.funmoods_i.instlDay - 15434

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1612:40:29

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - adknlg

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: extensions.autoDisableScopes - 14//iBryte

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-14 55856]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2010-11-8 196688]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-14 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-10-14 165032]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]

S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375728]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-11-22 72216]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S2 SSIWEB8.0.0Apache;SSIWEB8.0.0Apache;C:\Program Files (x86)\Sawtooth Software\SSI Web 8.0.0\LocalWeb\bin\httpd.exe [2012-2-28 20549]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-4-7 50704]

S2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-3-24 310032]

S2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2011-3-24 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2010-11-8 338000]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-14 2656536]

S2 WajamUpdater;WajamUpdater;C:\Program Files\Wajam\Updater\WajamUpdater.exe [2012-3-9 109064]

S2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-14 317440]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]

S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe [2010-7-21 596032]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-7-21 917840]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-27 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-14 11:30:06 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-14 11:16:17 98816 ----a-w- C:\Windows\sed.exe

2013-01-14 11:16:17 256000 ----a-w- C:\Windows\PEV.exe

2013-01-14 11:16:17 208896 ----a-w- C:\Windows\MBR.exe

2013-01-14 10:15:19 -------- d-----w- C:\Users\oh-dell\AppData\Roaming\SUPERAntiSpyware.com

2013-01-11 21:08:54 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2013-01-11 21:08:54 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2013-01-11 21:08:53 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-01-11 21:08:53 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-01-11 21:08:52 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-01-11 21:08:52 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-01-11 21:08:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-11 21:04:10 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-11 21:03:59 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-01-11 20:57:36 3149824 ----a-w- C:\Windows\System32\win32k.sys

2013-01-11 20:55:52 -------- d-----w- C:\Users\oh-dell\AppData\Local\MFAData

2013-01-11 20:55:52 -------- d-----w- C:\Users\oh-dell\AppData\Local\Avg2013

2013-01-11 20:55:52 -------- d-----w- C:\ProgramData\MFAData

2013-01-11 20:51:01 -------- d-----w- C:\Users\oh-dell\AppData\Local\jwdoylwk

2013-01-11 17:33:05 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6C07491-D59E-4AC5-AA6E-ABEC12DF3A13}\mpengine.dll

2013-01-11 16:53:26 -------- d-----w- C:\Users\oh-dell\AppData\Roaming\Malwarebytes

2013-01-11 16:53:14 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-11 16:10:50 800768 ----a-w- C:\Windows\System32\usp10.dll

2013-01-11 16:10:50 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2013-01-11 16:10:34 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-01-11 15:55:15 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-11 15:54:39 44544 ----a-w- C:\Windows\SysWow64\pegibbfc.rs

2013-01-11 15:52:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-11 14:56:11 99700 --s---w- C:\Users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slwypxjn.exe

2013-01-02 18:01:43 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-01-02 18:01:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-01-02 18:01:42 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-01-02 18:01:42 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-01-02 09:40:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-01-02 09:40:58 -------- d-----w- C:\Program Files\iTunes

2013-01-02 09:40:58 -------- d-----w- C:\Program Files\iPod

2012-12-18 14:28:14 186584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-01-10 11:25:22 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-10 11:25:22 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-14 09:25:02 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2012-11-14 09:25:01 83880 ----a-w- C:\Windows\System32\LMIinit.dll

2012-11-14 09:25:01 35240 ----a-w- C:\Windows\System32\LMIport.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-01-25 12:30:12 15405540 ----a-w- C:\Program Files (x86)\Praat.exe

.

============= FINISH: 12:27:06.61 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 24/10/2011 11:10:30

System Uptime: 14/01/2013 12:22:47 (0 hours ago)

.

Motherboard: Dell Inc. | | 0D6H9T

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPU 1 | 3392/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 359.724 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP144: 08/01/2013 09:31:34 - Windows Update

RP145: 10/01/2013 09:31:12 - Windows Update

RP146: 10/01/2013 18:06:05 - Windows Update

RP147: 11/01/2013 15:53:39 - Restore Operation

RP148: 11/01/2013 16:06:44 - Windows Update

RP149: 11/01/2013 20:51:58 - Windows Update

RP150: 11/01/2013 20:59:02 - Installed AVG 2013

RP151: 11/01/2013 21:06:23 - Windows Update

RP152: 14/01/2013 09:36:22 - Windows Update

.

==== Installed Programs ======================

.

Actual RAR Repair v.3.0

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.5)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AsfTools 3.1 (remove only)

Babylon toolbar on IE

BioAPI Framework

Bonjour

Callnote Premium version 2.0.8.0

Cisco WebEx Meeting Center for Firefox or Chrome

Cisco WebEx Meetings

Custom

CyberLink PowerDVD 9.5

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Backup and Recovery Manager

Dell Data Protection | Access

Dell Data Protection | Access | Drivers

Dell Data Protection | Access | Middleware

Dell Edoc Viewer

DellAccess

Desktop-Reminder 2

DirectX 9 Runtime

Dropbox

EMBASSY Security Center

Express Zip

Freemake Video Converter version 3.1.2

Gemalto

Google Chrome

Google Drive

Google Update Helper

Handbrake 0.9.4

IBM SPSS Statistics 19

Intel® Control Center

Intel® Identity Protection Technology 1.1.2.0

Intel® Management Engine Components

Intel® Network Connections 15.7.176.1

Intel® Processor Graphics

Intel® Rapid Storage Technology

iTunes

IZArc 4.1.6

Java 7 Update 9

Java Auto Updater

Java™ 6 Update 27 (64-bit)

JavaFX 2.1.1

Junk Mail filter update

Just Learn Morse Code

Last.fm 1.5.4.27091

lightshot-3.2.0.0

LogMeIn

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliType Pro 8.2

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 18.0 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NoteTab Light 6 (Remove only)

NTRU TCG Software Stack

Object Fix Zip

PC-CCID

PDFill PDF Editor with FREE Writer and FREE Tools

PhotoShowExpress

Preboot Manager

Private Information Manager

RAR Repair Free 1.0

RBVirtualFolder64Inst

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Sawtooth Software CBC/HB 5.2.8

Sawtooth Software Latent Class

Sawtooth Software MaxDiff Designer 2.0.2

Sawtooth Software SMRT Demo

Sawtooth Software SSI Web 7.0.26

Sawtooth Software SSI Web 8.0.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Simpo PDF to Word 3.4.2.0

Skype Click to Call

Skype™ 6.0

Sonic CinePlayer Decoder Pack

SPBA 5.9

Sublime Text 2.0.1

Trend Micro Client/Server Security Agent

Trusted Drive Manager

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Upek Touchchip Fingerprint Reader

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.0

Wajam

Wave Infrastructure Installer

Wave Support Software Installer

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

14/01/2013 12:23:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

14/01/2013 12:23:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

14/01/2013 12:23:36, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

14/01/2013 12:23:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

14/01/2013 12:23:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

14/01/2013 12:23:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}

14/01/2013 12:23:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

14/01/2013 12:23:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi Wanarpv6

14/01/2013 12:23:13, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.

14/01/2013 11:28:43, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

14/01/2013 11:28:04, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

14/01/2013 11:19:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

14/01/2013 11:19:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

14/01/2013 11:16:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

14/01/2013 11:13:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr tmtdi Wanarpv6

14/01/2013 10:09:29, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

14/01/2013 10:09:28, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

14/01/2013 10:09:28, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.

14/01/2013 09:45:36, Error: volmgr [46] - Crash dump initialization failed!

11/01/2013 21:00:20, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

11/01/2013 17:16:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/01/2013 16:21:54, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.141.3676.0).

08/01/2013 18:08:22, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

07/01/2013 15:15:29, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

.

==== End Of File ===========================

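A reader triaging the Event Viewer block in the DDS log above wants to separate what Safe Mode causes from what points at a fault: the poster ran DDS in Safe Mode, and DCOM event 10005 quoting Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE, "this service cannot be started in Safe Mode") is exactly what every service not permitted to start in that mode produces, while event 1060 records a driver being refused at load time. The following Python script is an added example, not part of the original post and not code from DDS: it parses the DDS event lines and sorts them into buckets. The sample lines are copied from the log above; the bucket names and the small error-code table are the example's own.

```python
"""Sort the "Event Viewer Messages From Past Week" block of a DDS log into
buckets, so that the errors caused by booting into Safe Mode are kept apart
from the entries that point at a real fault.  Added example, not DDS code."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the Event Viewer block of the DDS log
# above (DDS was run in Safe Mode with Networking).  The leading newline
# keeps the raw string free of escaped backslashes.
SAMPLE_EVENTS = r"""
14/01/2013 12:23:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
14/01/2013 12:23:36, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
14/01/2013 12:23:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi Wanarpv6
14/01/2013 11:28:04, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
14/01/2013 11:19:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
14/01/2013 11:13:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr tmtdi Wanarpv6
11/01/2013 16:21:54, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.141.3676.0).
"""

# One DDS event line: "<dd/mm/yyyy hh:mm:ss>, <Level>: <Source> [<EventID>] - <Message>"
EVENT_LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Win32 error codes quoted by DCOM event 10005.  1084 is returned by every
# service that is not permitted to start in Safe Mode, so in a Safe Mode log
# it is noise; 1068 is a dependency failure, usually a knock-on effect.
WIN32_ERRORS = {
    "1068": "ERROR_SERVICE_DEPENDENCY_FAIL",
    "1084": "ERROR_NOT_SAFEBOOT_SERVICE",
}


def parse_events(text):
    """Yield one dict per well-formed event line; anything else is skipped."""
    for line in text.splitlines():
        match = EVENT_LINE.match(line.strip())
        if match:
            yield match.groupdict()


def _first(pattern, text):
    """First capture group of `pattern` in `text`, or '?' when absent."""
    match = re.search(pattern, text)
    return match.group(1) if match else "?"


def classify(text):
    """Return {bucket: [detail, ...]} for the events in a DDS Event Viewer block."""
    buckets = defaultdict(list)
    for event in parse_events(text):
        source, event_id, msg = event["source"], event["event_id"], event["message"]
        if source.endswith("DistributedCOM") and event_id == "10005":
            code = _first(r'DCOM got error "(\d+)"', msg)
            service = _first(r"start the service (\S+)", msg)
            bucket = "safe_mode_noise" if code == "1084" else "dependency_failure"
            buckets[bucket].append(f"{service} ({WIN32_ERRORS.get(code, code)})")
        elif source == "Service Control Manager" and event_id == "7001":
            dependent = _first(r"^The (.+?) service depends on", msg)
            dependency = _first(r"depends on the (.+?) service", msg)
            buckets["dependency_failure"].append(f"{dependent} -> {dependency}")
        elif source == "Service Control Manager" and event_id == "7026":
            # Several 7026 events repeat the same names; keep first-seen order.
            for driver in msg.split("failed to load:", 1)[1].split():
                if driver not in buckets["boot_driver_failed"]:
                    buckets["boot_driver_failed"].append(driver)
        elif source == "Application Popup" and event_id == "1060":
            buckets["driver_blocked"].append(msg.split(" has been blocked", 1)[0])
        else:
            buckets["other"].append(f"{event['ts']} {source} [{event_id}]")
    return dict(buckets)


if __name__ == "__main__":
    for bucket, details in classify(SAMPLE_EVENTS).items():
        print(f"{bucket}:")
        for detail in details:
            print(f"  {detail}")
```

Paste the whole "Event Viewer Messages" block into `classify()` and the Safe Mode 1084 entries fall into their own bucket; what is left (the blocked ComboFix driver, the repeated boot-driver failures, the Windows Update failure) is the short list worth reading in a reply.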

Hello Xierong, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you, so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please do not run ComboFix without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Step 1

Please uninstall these applications:

Babylon toolbar on IE

Wajam

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

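Step 1 above names two programs to uninstall; the rest of the DDS "Pseudo HJT Report" autorun lines (uRun, mRun, StartupFolder and their x64 variants) are where a helper looks for anything else that starts with the session. The following Python script is an added example, not part of this thread and not code from DDS, JRT or Malwarebytes. It scores each autorun entry on three signals an analyst checks first: whether the binary runs from a user-writable directory, whether its file or folder name looks generated, and whether the same binary is registered in more than one autorun location. The sample lines are copied from the second DDS log posted later in this thread; the scoring weights, the vowel-ratio threshold and the directory list are assumptions of the example, and a high score means "inspect this file", not that it is malware.

```python
"""Score the autorun entries (Run keys and Startup folder) listed in the
"Pseudo HJT Report" section of a DDS log.  Heuristics only: a high score is a
prompt to inspect the file, not proof of anything.  Added example; not code
from DDS, JRT or Malwarebytes."""
import ntpath
import re
from collections import Counter

# Constructed sample: autorun lines copied from the second DDS log posted
# later in this thread, plus one non-autorun line to show it is ignored.
# The leading newline keeps the raw string free of escaped backslashes.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [LightShot] C:\Users\oh-dell\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [slwYpxjn] C:\Users\oh-dell\AppData\Local\jwdoylwk\slwypxjn.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\oh-dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\oh-dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slwypxjn.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
"""

# DDS autorun line: "<kind>: [<value name>] <command>" (no [name] for StartupFolder)
AUTORUN_LINE = re.compile(
    r"^(?P<kind>(?:x64-)?[um]?Run(?:Once)?|StartupFolder):\s*"
    r"(?:\[(?P<name>[^\]]*)\]\s*)?(?P<rest>.*)$"
)

# Directories an unprivileged user can write to (assumed list); persistence
# launched from here needed no admin prompt to be planted.
USER_WRITABLE = ("/appdata/", "/temp/", "/programdata/", "/users/public/")
VOWELS = set("aeiou")


def extract_exe(command):
    """Pull the executable path out of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path, then arguments
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return match.group(1) if match else command


def parse_autoruns(dds_text):
    """Yield (kind, value name, executable path) for each autorun line."""
    for line in dds_text.splitlines():
        match = AUTORUN_LINE.match(line.strip())
        if not match:
            continue
        rest = match.group("rest")
        if match.group("kind") == "StartupFolder" and " - " in rest:
            rest = rest.split(" - ", 1)[1]           # "<shortcut>.lnk - <target>"
        yield match.group("kind"), match.group("name") or "", extract_exe(rest)


def in_user_writable(path):
    normalised = path.lower().replace("\\", "/")
    return any(marker in normalised for marker in USER_WRITABLE)


def looks_random(token, min_len=6, max_vowel_ratio=0.15):
    """Crude test for generated names: long, purely alphabetic, almost no
    vowels.  The thresholds are this example's own assumptions."""
    token = token.lower()
    if len(token) < min_len or not token.isalpha():
        return False
    return sum(ch in VOWELS for ch in token) / len(token) < max_vowel_ratio


def triage(dds_text):
    """Score every autorun entry; returns dicts sorted by descending score."""
    entries = list(parse_autoruns(dds_text))
    seen = Counter(ntpath.basename(exe).lower() for _, _, exe in entries)
    results = []
    for kind, name, exe in entries:
        stem = ntpath.splitext(ntpath.basename(exe))[0]
        parent = ntpath.basename(ntpath.dirname(exe))
        score, reasons = 0, []
        if in_user_writable(exe):
            score += 2
            reasons.append("runs from a user-writable directory")
        if looks_random(stem):
            score += 1
            reasons.append("random-looking file name")
        if looks_random(parent):
            score += 1
            reasons.append("random-looking parent folder")
        if seen[ntpath.basename(exe).lower()] > 1:
            score += 1
            reasons.append("same binary in more than one autorun location")
        results.append({"kind": kind, "name": name, "exe": exe,
                        "score": score, "reasons": reasons})
    return sorted(results, key=lambda r: (-r["score"], r["exe"]))


def flagged(dds_text, threshold=3):
    """Executable paths scoring at or above `threshold`, most suspicious first."""
    return [r["exe"] for r in triage(dds_text) if r["score"] >= threshold]


if __name__ == "__main__":
    for entry in triage(SAMPLE_DDS):
        print(entry["score"], entry["kind"], entry["exe"], "; ".join(entry["reasons"]))
```

Run on the full DDS text, `triage()` returns every entry with its reasons and `flagged()` keeps only those at or above the threshold. Legitimate per-user software such as Dropbox or LightShot lands at score 2 (user-writable location, sensible names), which is why the default threshold is 3: the score is meant to order the list for a human, not to decide on its own.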

Hi Maniac,

Thank you for your prompt reply.

Babylon toolbar on IE - Uninstalled

Wajam - Uninstalled

Please find below the log files requested. The quick scan by Malwarebytes did not locate any malicious item. Please advise further steps. Many thanks!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.2 (01.08.2013:1)

OS: Windows 7 Professional x64

Ran by oh-dell on 14/01/2013 at 13:01:13.26

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-295251904-2555945974-1429892940-1000\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-295251904-2555945974-1429892940-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc

Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc.1

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\funmoods

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\i want this

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wajam.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\b

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\escort.escrtbtn.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{e627dc4b-8c04-4234-a2d4-1d634ee01c41}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{e627dc4b-8c04-4234-a2d4-1d634ee01c41}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\Users\oh-dell\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\oh-dell\appdata\local\babylon"

Successfully deleted: [Folder] "C:\Users\oh-dell\appdata\locallow\babylontoolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"

Successfully deleted: [Folder] "C:\Users\oh-dell\appdata\local\google\chrome\user data\default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0"

Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\oh-dell\AppData\Roaming\mozilla\firefox\profiles\6kdblg5s.default\user.js

Successfully deleted: [File] C:\Users\oh-dell\AppData\Roaming\mozilla\firefox\profiles\6kdblg5s.default\searchplugins\funmoods.xml

Successfully deleted the following from C:\Users\oh-dell\AppData\Roaming\mozilla\firefox\profiles\6kdblg5s.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");

user_pref("browser.search.defaultenginename", "Ask.com");

user_pref("browser.search.defaulturl", "http://fastestwebsearch.com/search?q={searchTerms}");

user_pref("browser.search.order.1", "Ask.com");

user_pref("browser.search.selectedEngine", "Ask.com");

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110811");

user_pref("extensions.BabylonToolbar_i.hardId", "8adbeecd000000000000180373d10f6d");

user_pref("extensions.BabylonToolbar_i.id", "8adbeecd000000000000180373d10f6d");

user_pref("extensions.BabylonToolbar_i.instlDay", "15421");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:24:32");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

user_pref("extensions.crossriderapp2258@crossrider.com.install-event-fired", true);

user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"title\": \"Babylon\",\"type\": \"EXE\",\"url\": \"https://www.addonfox.com/par

user_pref("extensions.funmoods.SimilarSitesStorage-pid2", "869f7eb3edf9ff0d");

user_pref("extensions.funmoods.admin", false);

user_pref("extensions.funmoods.aflt", "adknlg");

user_pref("extensions.funmoods.brwsrsrc", "ietlbr");

user_pref("extensions.funmoods.cntry", "GB");

user_pref("extensions.funmoods.dfltLng", "EN");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.dfltlng", "en");

user_pref("extensions.funmoods.dfltsrch", true);

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.hdrMd5", "643BC671D136EFE67888DD292438A02F");

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hrdid", "0");

user_pref("extensions.funmoods.id", "8adbeecd000000000000180373d10f6d");

user_pref("extensions.funmoods.instlDay", "15434");

user_pref("extensions.funmoods.instlRef", "");

user_pref("extensions.funmoods.instlday", "15434");

user_pref("extensions.funmoods.instlref", "");

user_pref("extensions.funmoods.isDcmntCmplt", false);

user_pref("extensions.funmoods.keywordurl", "");

user_pref("extensions.funmoods.lastVrsnTs", "1.5.11.1612:40:29");

user_pref("extensions.funmoods.newTab", true);

user_pref("extensions.funmoods.newTabUrl", "http://start.funmoods.com/?f=2&a=adknlg");

user_pref("extensions.funmoods.newtab", true);

user_pref("extensions.funmoods.newtaburl", "http://start.funmoods.com/?f=2&a=adknlg");

user_pref("extensions.funmoods.noFFXTlbr", false);

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.prtnrid", "funmoods");

user_pref("extensions.funmoods.sg", "none");

user_pref("extensions.funmoods.smplGrp", "none");

user_pref("extensions.funmoods.smplgrp", "none");

user_pref("extensions.funmoods.srch", "");

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.srchprvdr", "Search");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.tlbrSrchUrl", "http://start.funmoods.com/results.php?f=3&a=adknlg&q=");

user_pref("extensions.funmoods.tlbrid", "base");

user_pref("extensions.funmoods.tlbrsrchurl", "http://start.funmoods.com/results.php?f=3&a=adknlg&q=");

user_pref("extensions.funmoods.vrsn", "1.5.11.16");

user_pref("extensions.funmoods.vrsnTs", "1.5.11.1612:40:29");

user_pref("extensions.funmoods.vrsni", "1.5.11.16");

user_pref("extensions.funmoods.vrsnts", "1.5.11.1612:40:29");

user_pref("extensions.funmoods_i.aflt", "adknlg");

user_pref("extensions.funmoods_i.dfltLng", "");

user_pref("extensions.funmoods_i.dfltSrch", true);

user_pref("extensions.funmoods_i.dnsErr", true);

user_pref("extensions.funmoods_i.excTlbr", false);

user_pref("extensions.funmoods_i.hmpg", true);

user_pref("extensions.funmoods_i.hmpgUrl", "http://start.funmoods.com/?f=1&a=adknlg");

user_pref("extensions.funmoods_i.id", "8adbeecd000000000000180373d10f6d");

user_pref("extensions.funmoods_i.instlDay", "15434");

user_pref("extensions.funmoods_i.instlRef", "");

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods_i.newTabUrl", "http://start.funmoods.com/?f=2&a=adknlg");

user_pref("extensions.funmoods_i.prdct", "funmoods");

user_pref("extensions.funmoods_i.prtnrId", "funmoods");

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods_i.srchPrvdr", "Search");

user_pref("extensions.funmoods_i.tlbrId", "base");

user_pref("extensions.funmoods_i.tlbrSrchUrl", "http://start.funmoods.com/results.php?f=3&a=adknlg&q=");

user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1612:40:29");

user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

user_pref("keyword.URL", "http://fastestwebsearch.com/search?q=");

Emptied folder: C:\Users\oh-dell\AppData\Roaming\mozilla\firefox\profiles\6kdblg5s.default\minidumps [38 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 14/01/2013 at 13:02:41.35

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.14.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

oh-dell :: OH-DELL-PC [administrator]

14/01/2013 13:05:51

mbam-log-2013-01-14 (13-05-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213584

Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by oh-dell at 13:09:22 on 2013-01-14

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8073.7160 [GMT 0:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\ctfmon.exe

C:\Windows\explorer.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [LightShot] C:\Users\oh-dell\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [DesktopReminder2ByPolenter] "C:\Program Files (x86)\Desktop-Reminder 2\DesktopReminder2.exe" -silent

uRun: [slwYpxjn] C:\Users\oh-dell\AppData\Local\jwdoylwk\slwypxjn.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\oh-dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\oh-dell\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slwypxjn.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: DisableCAD = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{F82C37F4-6194-4860-931B-E3BC6FF58EA2} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\oh-dell\AppData\Roaming\Mozilla\Firefox\Profiles\6kdblg5s.default\

FF - prefs.js: browser.startup.homepage - blank

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\oh-dell\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\oh-dell\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-29 09:56; fmconverter@gmail.com; C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-14 55856]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2010-11-8 196688]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-14 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-10-14 165032]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]

S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375728]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-11-22 72216]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S2 SSIWEB8.0.0Apache;SSIWEB8.0.0Apache;C:\Program Files (x86)\Sawtooth Software\SSI Web 8.0.0\LocalWeb\bin\httpd.exe [2012-2-28 20549]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-4-7 50704]

S2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-3-24 310032]

S2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2011-3-24 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2010-11-8 338000]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-14 2656536]

S2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-14 317440]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]

S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe [2010-7-21 596032]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-7-21 917840]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-27 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-14 13:07:31 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6C07491-D59E-4AC5-AA6E-ABEC12DF3A13}\offreg.dll

2013-01-14 13:05:05 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-14 13:05:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-14 13:01:11 -------- d-----w- C:\Windows\ERUNT

2013-01-14 13:01:05 -------- d-----w- C:\JRT

2013-01-14 11:30:06 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-14 11:16:17 98816 ----a-w- C:\Windows\sed.exe

2013-01-14 11:16:17 256000 ----a-w- C:\Windows\PEV.exe

2013-01-14 11:16:17 208896 ----a-w- C:\Windows\MBR.exe

2013-01-14 10:15:19 -------- d-----w- C:\Users\oh-dell\AppData\Roaming\SUPERAntiSpyware.com

2013-01-11 21:08:54 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2013-01-11 21:08:54 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2013-01-11 21:08:53 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-01-11 21:08:53 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-01-11 21:08:52 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-01-11 21:08:52 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-01-11 21:08:50 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-11 21:04:10 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-11 21:03:59 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-01-11 20:57:36 3149824 ----a-w- C:\Windows\System32\win32k.sys

2013-01-11 20:55:52 -------- d-----w- C:\Users\oh-dell\AppData\Local\MFAData

2013-01-11 20:55:52 -------- d-----w- C:\Users\oh-dell\AppData\Local\Avg2013

2013-01-11 20:55:52 -------- d-----w- C:\ProgramData\MFAData

2013-01-11 20:51:01 -------- d-----w- C:\Users\oh-dell\AppData\Local\jwdoylwk

2013-01-11 17:33:05 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6C07491-D59E-4AC5-AA6E-ABEC12DF3A13}\mpengine.dll

2013-01-11 16:53:26 -------- d-----w- C:\Users\oh-dell\AppData\Roaming\Malwarebytes

2013-01-11 16:53:14 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-11 16:10:50 800768 ----a-w- C:\Windows\System32\usp10.dll

2013-01-11 16:10:50 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2013-01-11 16:10:34 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-01-11 15:55:15 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-11 15:54:39 44544 ----a-w- C:\Windows\SysWow64\pegibbfc.rs

2013-01-11 15:52:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-11 14:56:11 99700 --s---w- C:\Users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slwypxjn.exe

2013-01-02 18:01:43 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-01-02 18:01:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-01-02 18:01:42 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-01-02 18:01:42 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-01-02 09:40:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-01-02 09:40:58 -------- d-----w- C:\Program Files\iTunes

2013-01-02 09:40:58 -------- d-----w- C:\Program Files\iPod

2012-12-18 14:28:14 186584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-01-10 11:25:22 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-10 11:25:22 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-14 09:25:02 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2012-11-14 09:25:01 83880 ----a-w- C:\Windows\System32\LMIinit.dll

2012-11-14 09:25:01 35240 ----a-w- C:\Windows\System32\LMIport.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-01-25 12:30:12 15405540 ----a-w- C:\Program Files (x86)\Praat.exe

.

============= FINISH: 13:09:26.02 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 24/10/2011 11:10:30

System Uptime: 14/01/2013 12:22:47 (1 hours ago)

.

Motherboard: Dell Inc. | | 0D6H9T

Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 3392/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 359.657 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP144: 08/01/2013 09:31:34 - Windows Update

RP145: 10/01/2013 09:31:12 - Windows Update

RP146: 10/01/2013 18:06:05 - Windows Update

RP147: 11/01/2013 15:53:39 - Restore Operation

RP148: 11/01/2013 16:06:44 - Windows Update

RP149: 11/01/2013 20:51:58 - Windows Update

RP150: 11/01/2013 20:59:02 - Installed AVG 2013

RP151: 11/01/2013 21:06:23 - Windows Update

RP152: 14/01/2013 09:36:22 - Windows Update

.

==== Installed Programs ======================

.

Actual RAR Repair v.3.0

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.5)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AsfTools 3.1 (remove only)

BioAPI Framework

Bonjour

Callnote Premium version 2.0.8.0

Cisco WebEx Meeting Center for Firefox or Chrome

Cisco WebEx Meetings

Custom

CyberLink PowerDVD 9.5

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Backup and Recovery Manager

Dell Data Protection | Access

Dell Data Protection | Access | Drivers

Dell Data Protection | Access | Middleware

Dell Edoc Viewer

DellAccess

Desktop-Reminder 2

DirectX 9 Runtime

Dropbox

EMBASSY Security Center

Express Zip

Freemake Video Converter version 3.1.2

Gemalto

Google Chrome

Google Drive

Google Update Helper

Handbrake 0.9.4

IBM SPSS Statistics 19

Intel® Control Center

Intel® Identity Protection Technology 1.1.2.0

Intel® Management Engine Components

Intel® Network Connections 15.7.176.1

Intel® Processor Graphics

Intel® Rapid Storage Technology

iTunes

IZArc 4.1.6

Java 7 Update 9

Java Auto Updater

Java 6 Update 27 (64-bit)

JavaFX 2.1.1

Junk Mail filter update

Just Learn Morse Code

Last.fm 1.5.4.27091

lightshot-3.2.0.0

LogMeIn

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliType Pro 8.2

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 18.0 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NoteTab Light 6 (Remove only)

NTRU TCG Software Stack

Object Fix Zip

PC-CCID

PDFill PDF Editor with FREE Writer and FREE Tools

PhotoShowExpress

Preboot Manager

Private Information Manager

RAR Repair Free 1.0

RBVirtualFolder64Inst

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Sawtooth Software CBC/HB 5.2.8

Sawtooth Software Latent Class

Sawtooth Software MaxDiff Designer 2.0.2

Sawtooth Software SMRT Demo

Sawtooth Software SSI Web 7.0.26

Sawtooth Software SSI Web 8.0.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Simpo PDF to Word 3.4.2.0

Skype Click to Call

Skype™ 6.0

Sonic CinePlayer Decoder Pack

SPBA 5.9

Sublime Text 2.0.1

Trend Micro Client/Server Security Agent

Trusted Drive Manager

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Upek Touchchip Fingerprint Reader

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.0

Wave Infrastructure Installer

Wave Support Software Installer

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

14/01/2013 13:09:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}

.

==== End Of File ===========================


Please find the log file from running Malwarebytes in Normal mode below:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.14.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

oh-dell :: OH-DELL-PC [administrator]

14/01/2013 13:27:17

mbam-log-2013-01-14 (13-27-17).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215081

Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Thank you!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Please find the ComboFix log below. I am afraid the problem persists. :(

ComboFix 13-01-14.01 - oh-dell 14/01/2013 14:09:03.3.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8073.6047 [GMT 0:00]

Running from: c:\users\oh-dell\Downloads\ComboFix.exe

FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\oh-dell\AppData\Local\jwdoylwk\slwypxjn.exe

c:\users\oh-dell\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\_ctypes.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\_elementtree.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\_hashlib.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\_socket.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\_ssl.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\pyexpat.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\pysqlite2._sqlite.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\python26.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\pythoncom26.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\PyWinTypes26.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\select.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\unicodedata.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32api.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32com.shell.shell.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32crypt.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32event.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32file.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32inet.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32pdh.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32process.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32profile.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32security.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\win32ts.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\windows._cacheinvalidation.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wx._controls_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wx._core_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wx._gdi_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wx._html2.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wx._misc_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wx._windows_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wx._wizard.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wxbase293u_net_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wxbase293u_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wxmsw293u_adv_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wxmsw293u_core_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wxmsw293u_html_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI44722\wxmsw293u_webview_vc.dll

c:\users\oh-dell\AppData\Local\trjuiweh.log

.

.

((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))

.

.

2013-01-14 14:12 . 2013-01-14 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-14 13:05 . 2013-01-14 13:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-14 13:05 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-14 13:01 . 2013-01-14 13:01 -------- d-----w- c:\windows\ERUNT

2013-01-14 13:01 . 2013-01-14 13:21 -------- d-----w- C:\JRT

2013-01-14 10:15 . 2013-01-14 10:15 -------- d-----w- c:\users\oh-dell\AppData\Roaming\SUPERAntiSpyware.com

2013-01-11 21:08 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-11 21:08 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-11 21:08 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-11 21:08 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-11 21:08 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-11 21:08 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-11 21:08 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-11 21:04 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-11 21:03 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-01-11 20:57 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-11 20:55 . 2013-01-11 20:56 -------- d-----w- c:\programdata\MFAData

2013-01-11 20:55 . 2013-01-11 20:55 -------- d-----w- c:\users\oh-dell\AppData\Local\MFAData

2013-01-11 20:55 . 2013-01-11 20:55 -------- d-----w- c:\users\oh-dell\AppData\Local\Avg2013

2013-01-11 20:51 . 2013-01-14 14:12 -------- d-----w- c:\users\oh-dell\AppData\Local\jwdoylwk

2013-01-11 17:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6C07491-D59E-4AC5-AA6E-ABEC12DF3A13}\mpengine.dll

2013-01-11 16:53 . 2013-01-11 16:53 -------- d-----w- c:\users\oh-dell\AppData\Roaming\Malwarebytes

2013-01-11 16:53 . 2013-01-11 16:53 -------- d-----w- c:\programdata\Malwarebytes

2013-01-11 16:10 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-11 16:10 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-11 16:10 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-11 15:55 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-11 15:54 . 2012-12-07 10:46 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2013-01-11 15:52 . 2012-11-30 02:44 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-11 14:56 . 2013-01-11 14:56 99700 --s---w- c:\users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slwypxjn.exe

2013-01-02 18:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-01-02 18:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-01-02 18:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-01-02 18:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-01-02 09:40 . 2013-01-02 09:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-01-02 09:40 . 2013-01-02 09:41 -------- d-----w- c:\program files\iTunes

2013-01-02 09:40 . 2013-01-02 09:40 -------- d-----w- c:\program files\iPod

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-10 11:25 . 2012-04-03 08:20 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-10 11:25 . 2011-10-14 10:04 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-10 09:40 . 2012-04-03 16:40 67599240 ----a-w- c:\windows\system32\MRT.exe

2012-11-30 04:45 . 2013-01-11 21:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-14 09:25 . 2011-11-22 15:44 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-14 09:25 . 2011-11-22 15:44 35240 ----a-w- c:\windows\system32\LMIport.dll

2012-11-14 09:25 . 2011-11-22 15:44 83880 ----a-w- c:\windows\system32\LMIinit.dll

2012-11-14 07:06 . 2012-12-13 19:23 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 19:23 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 19:23 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 19:23 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 19:23 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 19:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 19:23 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 19:23 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 19:23 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 19:23 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 19:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 19:23 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 19:23 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 19:23 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 19:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 19:23 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 19:23 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 19:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 19:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 19:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 19:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 19:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 09:56 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 09:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:59 . 2012-12-13 09:56 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-13 09:56 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-01-25 12:30 . 2012-01-12 22:51 15405540 ----a-w- c:\program files (x86)\Praat.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]

"LightShot"="c:\users\oh-dell\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-02-02 220160]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"DesktopReminder2ByPolenter"="c:\program files (x86)\Desktop-Reminder 2\DesktopReminder2.exe" [2012-11-01 2745312]

"SlwYpxjn"="c:\users\oh-dell\AppData\Local\jwdoylwk\slwypxjn.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-02-27 1708048]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\oh-dell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]

slwypxjn.exe [2013-1-11 99700]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-08 196688]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-21 165032]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-14 375728]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SSIWEB8.0.0Apache;SSIWEB8.0.0Apache;c:\program files (x86)\Sawtooth Software\SSI Web 8.0.0\LocalWeb\bin\httpd.exe [2011-09-09 20549]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-08 338000]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]

S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 11:25]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 13:01]

.

2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 13:01]

.

2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295251904-2555945974-1429892940-1000Core.job

- c:\users\oh-dell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-07 13:01]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295251904-2555945974-1429892940-1000UA.job

- c:\users\oh-dell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-07 13:01]

.

2013-01-14 c:\windows\Tasks\update-S-1-5-21-295251904-2555945974-1429892940-1000.job

- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-09-04 21:09]

.

2013-01-14 c:\windows\Tasks\update-sys.job

- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-09-04 21:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2011-05-27 16:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2011-05-27 16:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]

"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\oh-dell\AppData\Roaming\Mozilla\Firefox\Profiles\6kdblg5s.default\

FF - prefs.js: browser.startup.homepage - blank

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-11-29 09:56; fmconverter@gmail.com; c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-295251904-2555945974-1429892940-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BA1C4E1B-E5B2-B45F-88C5-9410D221F327}*]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-01-14 14:17:16 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-14 14:17

ComboFix2.txt 2013-01-14 11:33

.

Pre-Run: 385,181,360,128 bytes free

Post-Run: 384,907,718,656 bytes free

.

- - End Of File - - A3855581F0F3716C61137BB5F2EF97AC


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

File::

c:\users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slwypxjn.exe

Folder::

c:\users\oh-dell\AppData\Local\jwdoylwk

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SlwYpxjn"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Thank you, Maniac. The pop-up window didn't appear following the most recent restart. Please see the latest ComboFix log below:

ComboFix 13-01-14.01 - oh-dell 14/01/2013 14:37:50.4.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.8073.6181 [GMT 0:00]

Running from: c:\users\oh-dell\Downloads\ComboFix.exe

Command switches used :: c:\users\oh-dell\Downloads\CFScript.txt

FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slwypxjn.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\oh-dell\AppData\Local\jwdoylwk

c:\users\oh-dell\AppData\Local\jwdoylwk\slwypxjn.exe

c:\users\oh-dell\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\_ctypes.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\_elementtree.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\_hashlib.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\_socket.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\_ssl.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\pyexpat.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\pysqlite2._sqlite.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\python26.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\pythoncom26.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\PyWinTypes26.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\select.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\unicodedata.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32api.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32com.shell.shell.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32crypt.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32event.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32file.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32inet.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32pdh.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32process.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32profile.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32security.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\win32ts.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\windows._cacheinvalidation.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wx._controls_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wx._core_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wx._gdi_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wx._html2.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wx._misc_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wx._windows_.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wx._wizard.pyd

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wxbase293u_net_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wxbase293u_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wxmsw293u_adv_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wxmsw293u_core_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wxmsw293u_html_vc.dll

c:\users\oh-dell\AppData\Local\Temp\_MEI40362\wxmsw293u_webview_vc.dll

c:\users\oh-dell\AppData\Local\trjuiweh.log

c:\users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slwypxjn.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))

.

.

2013-01-14 14:41 . 2013-01-14 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-14 13:05 . 2013-01-14 13:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-01-14 13:05 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-14 13:01 . 2013-01-14 13:01 -------- d-----w- c:\windows\ERUNT

2013-01-14 13:01 . 2013-01-14 13:21 -------- d-----w- C:\JRT

2013-01-14 10:15 . 2013-01-14 10:15 -------- d-----w- c:\users\oh-dell\AppData\Roaming\SUPERAntiSpyware.com

2013-01-11 21:08 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-11 21:08 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-11 21:08 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-11 21:08 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-11 21:08 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-11 21:08 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-11 21:08 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-11 21:04 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-11 21:03 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-01-11 20:57 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-11 20:55 . 2013-01-11 20:56 -------- d-----w- c:\programdata\MFAData

2013-01-11 20:55 . 2013-01-11 20:55 -------- d-----w- c:\users\oh-dell\AppData\Local\MFAData

2013-01-11 20:55 . 2013-01-11 20:55 -------- d-----w- c:\users\oh-dell\AppData\Local\Avg2013

2013-01-11 17:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6C07491-D59E-4AC5-AA6E-ABEC12DF3A13}\mpengine.dll

2013-01-11 16:53 . 2013-01-11 16:53 -------- d-----w- c:\users\oh-dell\AppData\Roaming\Malwarebytes

2013-01-11 16:53 . 2013-01-11 16:53 -------- d-----w- c:\programdata\Malwarebytes

2013-01-11 16:10 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-11 16:10 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-11 16:10 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-11 15:55 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-11 15:54 . 2012-12-07 10:46 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2013-01-11 15:52 . 2012-11-30 02:44 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-02 18:01 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-01-02 18:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-01-02 18:01 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-01-02 18:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-01-02 09:40 . 2013-01-02 09:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-01-02 09:40 . 2013-01-02 09:41 -------- d-----w- c:\program files\iTunes

2013-01-02 09:40 . 2013-01-02 09:40 -------- d-----w- c:\program files\iPod

2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-10 11:25 . 2012-04-03 08:20 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-10 11:25 . 2011-10-14 10:04 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-10 09:40 . 2012-04-03 16:40 67599240 ----a-w- c:\windows\system32\MRT.exe

2012-11-30 04:45 . 2013-01-11 21:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-14 09:25 . 2011-11-22 15:44 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-14 09:25 . 2011-11-22 15:44 35240 ----a-w- c:\windows\system32\LMIport.dll

2012-11-14 09:25 . 2011-11-22 15:44 83880 ----a-w- c:\windows\system32\LMIinit.dll

2012-11-14 07:06 . 2012-12-13 19:23 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 19:23 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 19:23 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 19:23 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 19:23 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 19:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 19:23 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 19:23 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 19:23 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 19:23 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 19:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 19:23 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 19:23 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 19:23 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 19:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 19:23 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 19:23 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 19:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 19:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 19:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 19:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 19:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 09:56 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 09:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:59 . 2012-12-13 09:56 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-13 09:56 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-01-25 12:30 . 2012-01-12 22:51 15405540 ----a-w- c:\program files (x86)\Praat.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]

"LightShot"="c:\users\oh-dell\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-02-02 220160]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"DesktopReminder2ByPolenter"="c:\program files (x86)\Desktop-Reminder 2\DesktopReminder2.exe" [2012-11-01 2745312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2011-02-27 1708048]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\users\oh-dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\oh-dell\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2010-07-21 917840]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-08 196688]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-09-21 165032]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-14 375728]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SSIWEB8.0.0Apache;SSIWEB8.0.0Apache;c:\program files (x86)\Sawtooth Software\SSI Web 8.0.0\LocalWeb\bin\httpd.exe [2011-09-09 20549]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2011-04-07 50704]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-03-24 310032]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-03-24 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-08 338000]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]

S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 11:25]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 13:01]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 13:01]

.

2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295251904-2555945974-1429892940-1000Core.job

- c:\users\oh-dell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-07 13:01]

.

2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295251904-2555945974-1429892940-1000UA.job

- c:\users\oh-dell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-07 13:01]

.

2013-01-14 c:\windows\Tasks\update-S-1-5-21-295251904-2555945974-1429892940-1000.job

- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-09-04 21:09]

.

2013-01-14 c:\windows\Tasks\update-sys.job

- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2012-09-04 21:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\oh-dell\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2011-05-27 16:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2011-05-27 16:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]

"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\oh-dell\AppData\Roaming\Mozilla\Firefox\Profiles\6kdblg5s.default\

FF - prefs.js: browser.startup.homepage - blank

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-11-29 09:56; fmconverter@gmail.com; c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-295251904-2555945974-1429892940-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BA1C4E1B-E5B2-B45F-88C5-9410D221F327}*]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

c:\program files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-01-14 14:46:16 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-14 14:46

ComboFix2.txt 2013-01-14 14:17

ComboFix3.txt 2013-01-14 11:33

.

Pre-Run: 384,853,454,848 bytes free

Post-Run: 384,563,392,512 bytes free

.

- - End Of File - - 79958F4EB2144873FB1F9A8AEE66224B


Thank you very much!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


One last scan please:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button

Save it to your desktop and post it in your next reply.


Thanks, Maniac. Please see below:

--

Status: Deleted (events: 8)

16/01/2013 14:58:20 Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\2d10bde5-1a9ffa52 High

16/01/2013 14:58:20 Deleted Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3c0cc9a3-40208e88 High

16/01/2013 14:58:53 Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6fe2e4bb-77fe7d71 High

16/01/2013 14:58:26 Deleted Trojan program Exploit.Java.CVE-2012-0507.ox C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6fe2e4bb-77fe7d71/m123a/m123b.class High

16/01/2013 14:58:29 Deleted Trojan program Exploit.Java.CVE-2012-0507.pn C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6fe2e4bb-77fe7d71/m123a/m123a.class High

16/01/2013 14:58:34 Deleted Trojan program HEUR:Exploit.Java.CVE-2013-0422.gen C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\53d42608-4bc35024 High

16/01/2013 14:58:34 Deleted Trojan program Exploit.Java.CVE-2012-0507.pn C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6fe2e4bb-77fe7d71/m123a/m123d.class High

16/01/2013 14:58:37 Deleted Trojan program Exploit.Java.CVE-2012-0507.ox C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6fe2e4bb-77fe7d71/m123a/m123e.class High

Status: Disinfected (events: 29)

16/01/2013 14:58:09 Disinfected Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\12c021ae-5b55d2de High

16/01/2013 14:58:09 Disinfected Trojan program Exploit.Java.CVE-2012-1723.kf C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\12c021ae-5b55d2de/fbeatbea/fbeatbea.class High

16/01/2013 14:58:09 Disinfected Trojan program Exploit.Java.CVE-2012-4681.o C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\12c021ae-5b55d2de/fbeatbea/fbeatbec.class High

16/01/2013 14:58:09 Disinfected Trojan program Exploit.Java.CVE-2012-1723.fu C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\12c021ae-5b55d2de/fbeatbea/fbeatbef.class High

16/01/2013 14:58:09 Disinfected Trojan program Exploit.Java.CVE-2012-1723.ji C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\12c021ae-5b55d2de/fbeatbea/fbeatbee.class High

16/01/2013 14:58:09 Disinfected Trojan program Exploit.Java.CVE-2012-1723.jk C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\12c021ae-5b55d2de/fbeatbea/fbeatbed.class High

16/01/2013 14:58:09 Disinfected Trojan program Exploit.Java.CVE-2012-1723.jj C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\12c021ae-5b55d2de/fbeatbea/fbeatbeb.class High

16/01/2013 14:58:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kl C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\622b2d70-7beec53c High

16/01/2013 14:58:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kl C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\622b2d70-7beec53c/gui_a/a2.class High

16/01/2013 14:58:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kl C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\622b2d70-7beec53c/gui_a/gui_a.class High

16/01/2013 14:58:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kl C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\622b2d70-7beec53c/gui_a/gui_c.class High

16/01/2013 14:58:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kl C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\622b2d70-7beec53c/gui_a/F.class High

16/01/2013 14:58:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kl C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\622b2d70-7beec53c/gui_a/gui_b.class High

16/01/2013 14:58:42 Disinfected Trojan program HEUR:Exploit.Java.CVE-2012-4681.gen C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31ab07a-5a244bba High

16/01/2013 14:58:42 Disinfected Trojan program Exploit.Java.CVE-2012-1723.kf C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31ab07a-5a244bba/fbeatbea/fbeatbea.class High

16/01/2013 14:58:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kl C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\622b2d70-7beec53c/gui_a/gui_e.class High

16/01/2013 14:58:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kl C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\622b2d70-7beec53c/gui_a/gui_d.class High

16/01/2013 14:58:42 Disinfected Trojan program Exploit.Java.CVE-2012-4681.o C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31ab07a-5a244bba/fbeatbea/fbeatbec.class High

16/01/2013 14:58:42 Disinfected Trojan program Exploit.Java.CVE-2012-1723.fu C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31ab07a-5a244bba/fbeatbea/fbeatbef.class High

16/01/2013 14:58:42 Disinfected Trojan program Exploit.Java.CVE-2012-1723.ji C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31ab07a-5a244bba/fbeatbea/fbeatbee.class High

16/01/2013 14:58:42 Disinfected Trojan program Exploit.Java.CVE-2012-1723.jk C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31ab07a-5a244bba/fbeatbea/fbeatbed.class High

16/01/2013 14:58:42 Disinfected Trojan program Exploit.Java.CVE-2012-1723.jj C:\Documents and Settings\oh-dell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31ab07a-5a244bba/fbeatbea/fbeatbeb.class High

16/01/2013 15:26:32 Disinfected Trojan program Trojan.Win32.Lebag.trg C:\Qoobox\Quarantine.zip High

16/01/2013 15:26:32 Disinfected Trojan program Trojan.Win32.Lebag.trg C:\Qoobox\Quarantine.zip/Quarantine/C/Users/oh-dell/AppData/Local/jwdoylwk/slwypxjn.exe.vir High

16/01/2013 15:26:32 Disinfected Trojan program Trojan.Win32.Lebag.trg C:\Qoobox\Quarantine.zip/Quarantine/C/Users/oh-dell/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/slwypxjn.exe.vir High

16/01/2013 16:04:47 Disinfected Trojan program Trojan-Spy.Win32.Zbot.dzrx Outlook\daisy@opinionhealth.com\IPM_SUBTREE\Deleted Items\[From:Booking.com][subject:Hotel booking confirmation ][Time:2012/06/14 07:10:14]/Booking_Hotel_Reservation_Details-3GY9AQV566.zip High

16/01/2013 16:04:47 Disinfected Trojan program Trojan-Spy.Win32.Zbot.dzrx Outlook\daisy@opinionhealth.com\IPM_SUBTREE\Deleted Items\[From:Booking.com][subject:Hotel booking confirmation ][Time:2012/06/14 07:10:14]/Booking_Hotel_Reservation_Details-3GY9AQV566.zip/Hotel-Reservation_Booking.exe High

16/01/2013 16:35:35 Disinfected Trojan program Trojan-PSW.HTML.BankFraud.b Outlook\daisy@opinionhealth.com\IPM_SUBTREE\Junk E-Mail\[From:Barclays Bank ©][subject:© Barclays: Check your online account security!][Time:2012/12/29 04:11:14]/Barclays - Member Login.html High

16/01/2013 16:35:37 Disinfected Trojan program Trojan-PSW.HTML.BankFraud.a Outlook\daisy@opinionhealth.com\IPM_SUBTREE\Junk E-Mail\[From:Barclays Bank ©][subject:Barclays: Please check your online account.][Time:2012/12/27 06:00:59]/Barclays - Member Login.html High


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa


Glad I could help! :)

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, uninstall ESET Online Scanner and then manually delete Kaspersky AVP and Junkware Removal Tool.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


This topic is now closed to further replies.