CobaltArrow Posted June 16, 2013 ID:691800 Share Posted June 16, 2013 Hello,I was just hit with the FBI Virus. I searched this forum, and read some very helpful advice, but it seems each individual situation requires different instructions. I started with the instructions given on this thread: http://forums.malwarebytes.org/index.php?showtopic=117917I opened Safe Mode with Command Prompt (the other Safe Modes shut down immediately)and ran the FarBar scan tool. I have the FRST.txt and Search.txt below in attachments, as well as another Addition.txt that was given to me after FRST.txt. FRST.txtAddition.txtSearch.txtIf someone could help me with what to do next, that would be absolutely wonderful.Thank you. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 16, 2013 ID:691801 Share Posted June 16, 2013 Hello CobaltArrow and welcome to Malwarebytes!I'm D-FRED-BROWN and I'll be helping you. On the clean computer,Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.Right-click in the open notepad and select Paste).Save it on the flashdrive as fixlist.txtHKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Jenna\AppData\Roaming\skype.dat [156160 2012-07-16] () <==== ATTENTION2013-06-16 02:12 - 2013-06-16 02:21 - 00000004 ____A C:\Users\Jenna\AppData\Roaming\skype.ini2013-06-16 02:19 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-16 01:24 - 2012-07-25 03:31 - 00000694 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569561272-1230230878-413452085-1001UA.jobC:\Users\Jenna\AppData\Roaming\skype.datC:\Users\Jenna\AppData\Roaming\skype.iniNOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemNow please enter System Recovery Options on the infected computer.Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply. Afterwards, are you able to boot into Normal Mode now?Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Note:Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"-------> Your topic will be closed if you haven't replied within 3 days! <--------(If I don't respond within 24 hours, please send me a PM)-DFB Link to post Share on other sites More sharing options...
CobaltArrow Posted June 16, 2013 Author ID:691928 Share Posted June 16, 2013 DFB,thank you so much for your reply.I was able to log into Normal Mode, and connected to the Internet successfully.I have my Fixlog.txt below:Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013 Ran by SYSTEM at 2013-06-16 11:30:49 Run:1Running from H:\Boot Mode: Recovery==============================================Error: The HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Jenna\AppData\Roaming\skype.dat [156160 2012-07-16] () <==== ATTENTION entry should be fixed outside recovery mode.C:\Users\Jenna\AppData\Roaming\skype.ini => Moved successfully.C:\Windows\Tasks\SA.DAT => Moved successfully.C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569561272-1230230878-413452085-1001UA.job => Moved successfully.C:\Users\Jenna\AppData\Roaming\skype.dat => Moved successfully.C:\Users\Jenna\AppData\Roaming\skype.ini => File/Directory not found.==== End of Fixlog ====What can I do to further ensure the virus has been removed?Also, are there certain programs that you recommend I delete?Thank you so much for your help, again.-CobaltArrow Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 16, 2013 ID:691954 Share Posted June 16, 2013 Let's start getting rid of the rest of it:----------Step 1----------------Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt----------Step 3----------------Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.----------Step 4----------------Please download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------Step 5----------------In your next reply, please include the following:TDSSKiller's logfileMBAR mbar-log.txt and system-log.txtComboFix's report (C:\ComboFix.txt)Security Check checkup.txtAfter that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. Link to post Share on other sites More sharing options...
CobaltArrow Posted June 16, 2013 Author ID:692002 Share Posted June 16, 2013 DFB,Here are my results.<Step 1>The TDSSKiller scan found nothing.Here is a text document for TDSSKiller:TDSSKiller.2.8.18.0_16.06.2013_14.01.09_log.txt<Step 2>I ran the MalwareBytes Anti-Rootkit twice.This is the log from the first scan:Malwarebytes Anti-Rootkit BETA 1.06.0.1003www.malwarebytes.orgDatabase version: v2013.05.07.10Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16614Jenna :: JENNASPRECIOUS [administrator]2013-06-16 오후 2:05:25mbar-log-2013-06-16 (14-05-25).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: Deep Anti-Rootkit Scan | PUPObjects scanned: 284161Time elapsed: 11 minute(s),Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Jenna\AppData\Roaming\skype.dat -> Delete on reboot.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 2c:\Users\Jenna\Downloads\video_codec.exe (Adware.Bundler) -> Delete on reboot.c:\a.txt (Worm.Traces) -> Delete on reboot.Physical Sectors Detected: 0(No malicious items detected)(end)And this is the log from the second scan:Malwarebytes Anti-Rootkit BETA 1.06.0.1003www.malwarebytes.orgDatabase version: v2013.05.07.10Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16618Jenna :: JENNASPRECIOUS [administrator]2013-06-16 오후 2:28:39mbar-log-2013-06-16 (14-28-39).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: Deep Anti-Rootkit Scan | PUPObjects scanned: 284186Time elapsed: 10 minute(s), 41 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end)This is the system-log.txt:---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1003© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16614File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 8484352000, free: 4609052672Initializing...------------ Kernel report ------------ 06/16/2013 14:05:22------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\compbatt.sys\SystemRoot\system32\drivers\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\wd.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\nvpciflt.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\system32\drivers\iusb3hcs.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\system32\drivers\hpdskflt.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\dtsoftbus01.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\drivers\EstRtw.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\drivers\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\system32\drivers\iusb3xhc.sys\SystemRoot\system32\drivers\USBD.SYS\SystemRoot\system32\drivers\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\Netwsw00.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\CmBatt.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\drivers\SynTP.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\Smb_driver.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\drivers\intelppm.sys\SystemRoot\system32\DRIVERS\Accelerometer.sys\SystemRoot\system32\DRIVERS\AMPPAL.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\iwdbus.sys\SystemRoot\system32\drivers\hswpan.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\drivers\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\iusb3hub.sys\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\system32\DRIVERS\portcls.sys\SystemRoot\system32\DRIVERS\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WinUSB.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys\??\C:\Windows\system32\drivers\iPodDrv.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\iBtFltCoex.sys\SystemRoot\system32\DRIVERS\btmhsf.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btmaux.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8007332790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8009637050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8007332790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8008329b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8007332790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8008328b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\DevicePointer: 0xfffffa8009637050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 84CA151BPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 1418659840 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1419069440 Numsec = 45867008 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1464936448 Numsec = 208896Disk Size: 750156374016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...Done!Infected: c:\Users\Jenna\Downloads\video_codec.exe --> [Adware.Bundler]Infected: c:\a.txt --> [Worm.Traces]Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell --> [Trojan.Agent.RNS]Scan finishedCreating System Restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred=======================================Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1003© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16618File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 8484352000, free: 5488144384---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1003© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16618File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.294000 GHzMemory total: 8484352000, free: 5491601408Initializing...------------ Kernel report ------------ 06/16/2013 14:28:36------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\compbatt.sys\SystemRoot\system32\drivers\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\wd.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\nvpciflt.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\system32\drivers\iusb3hcs.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\system32\drivers\hpdskflt.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\dtsoftbus01.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\drivers\EstRtw.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\drivers\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\system32\drivers\iusb3xhc.sys\SystemRoot\system32\drivers\USBD.SYS\SystemRoot\system32\drivers\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\Netwsw00.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\CmBatt.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\drivers\SynTP.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\Smb_driver.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\drivers\intelppm.sys\SystemRoot\system32\DRIVERS\Accelerometer.sys\SystemRoot\system32\DRIVERS\AMPPAL.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\iwdbus.sys\SystemRoot\system32\drivers\hswpan.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\drivers\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\iusb3hub.sys\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\system32\DRIVERS\portcls.sys\SystemRoot\system32\DRIVERS\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\iBtFltCoex.sys\SystemRoot\system32\DRIVERS\btmhsf.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btmaux.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WinUSB.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys\??\C:\Windows\system32\drivers\iPodDrv.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa80083d8790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa80083dc050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa80083d8790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800830bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80083d8790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800830ab10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\DevicePointer: 0xfffffa80083dc050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 84CA151BPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 1418659840 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1419069440 Numsec = 45867008 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1464936448 Numsec = 208896Disk Size: 750156374016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...Done!Scan finished=======================================Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished<Step 3>I ran ComboFix.Here is the ComboFix.txt:ComboFix 13-06-15.01 - Jenna 2013-06-16 14:47:27.1.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8091.6121 [GMT -4:00]Running from: c:\users\Jenna\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.ADS - Windows: deleted 12 bytes in 1 streams. .((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\Roamingc:\users\Jenna\AppData\Local\Temp\_MEI52922\_ctypes.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\_elementtree.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\_hashlib.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\_multiprocessing.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\_socket.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\_ssl.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\pyexpat.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\pysqlite2._sqlite.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\python27.dllc:\users\Jenna\AppData\Local\Temp\_MEI52922\pythoncom27.dllc:\users\Jenna\AppData\Local\Temp\_MEI52922\PyWinTypes27.dllc:\users\Jenna\AppData\Local\Temp\_MEI52922\select.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\unicodedata.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32api.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32com.shell.shell.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32crypt.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32event.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32file.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32inet.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32pdh.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32process.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32profile.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32security.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\win32ts.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\windows._cacheinvalidation.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._controls_.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._core_.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._gdi_.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._html2.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._misc_.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._windows_.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._wizard.pydc:\users\Jenna\AppData\Local\Temp\_MEI52922\wxbase294u_net_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI52922\wxbase294u_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI52922\wxmsw294u_adv_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI52922\wxmsw294u_core_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI52922\wxmsw294u_html_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI52922\wxmsw294u_webview_vc90.dllc:\users\Jenna\Documents\~WRL3592.tmp..((((((((((((((((((((((((( Files Created from 2013-05-16 to 2013-06-16 )))))))))))))))))))))))))))))))..2013-06-16 18:05 . 2013-06-16 18:05 -------- d-----w- c:\programdata\Malwarebytes2013-06-16 06:50 . 2013-06-16 06:50 -------- d-----w- C:\FRST2013-06-16 05:16 . 2013-06-16 05:19 -------- d-----w- c:\users\Jenna\AppData\Local\Turbine2013-06-16 05:16 . 2013-06-16 05:18 -------- d-----w- c:\users\Jenna\AppData\Local\ApplicationHistory2013-06-16 05:14 . 2013-06-16 05:14 -------- d-----w- c:\windows\SysWow64\URTTEMP2013-06-16 05:11 . 2013-06-16 05:11 -------- d-----w- c:\programdata\Turbine2013-06-16 05:10 . 2013-06-16 05:18 -------- d-----w- c:\programdata\HappyCloud2013-06-15 04:46 . 2013-06-15 04:46 -------- d-----w- c:\programdata\TamoSoft2013-06-15 04:46 . 2013-06-15 04:46 -------- d-----w- c:\program files (x86)\CommViewWiFi2013-06-14 22:31 . 2013-06-14 22:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys2013-06-14 22:31 . 2013-06-14 22:41 -------- d-----w- c:\users\Jenna\AppData\Roaming\DAEMON Tools Lite2013-06-14 22:31 . 2013-06-14 22:31 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite2013-06-14 21:40 . 2013-06-14 21:42 -------- d-----w- c:\programdata\DAEMON Tools Lite2013-06-14 18:39 . 2013-06-14 18:39 -------- d-----w- c:\program files\7-Zip2013-06-14 15:39 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E17760D9-41BB-4ED1-9B79-9B18D379002F}\mpengine.dll2013-06-12 15:13 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-06-10 19:47 . 2013-06-10 19:47 -------- d-----w- c:\users\Jenna\I love David Tennant2013-06-10 19:44 . 2013-06-10 19:44 -------- d-----w- c:\users\Jenna\Teeny2013-06-10 19:43 . 2013-06-10 19:43 -------- d-----w- c:\users\Jenna\animal2013-06-10 19:31 . 2013-06-16 17:10 -------- d-----w- c:\users\Jenna\temp2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\users\Jenna\AppData\Local\ISolo2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\programdata\ISolo2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\program files (x86)\Lingual Media Player2013-06-04 05:02 . 2013-06-04 05:02 -------- d-----w- c:\program files\Motorola Inc2013-05-24 00:15 . 2013-05-24 00:15 -------- d-----w- c:\users\Jenna\AppData\Roaming\NVIDIA2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll2013-05-20 03:06 . 2013-05-20 03:07 -------- d-----w- c:\program files (x86)\QuickTime...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-31 05:26 . 2012-07-25 22:44 262936 ----a-w- c:\windows\system32\drivers\EstRtw.sys2013-05-13 02:41 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-05-09 22:57 . 2012-12-25 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-05-01 14:32 . 2013-05-01 14:32 226304 ----a-w- c:\windows\system32\elshyph.dll2013-05-01 14:32 . 2013-05-01 14:32 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-05-01 14:32 . 2013-05-01 14:32 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-05-01 14:32 . 2013-05-01 14:32 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-05-01 14:32 . 2013-05-01 14:32 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-05-01 14:32 . 2013-05-01 14:32 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-05-01 14:32 . 2013-05-01 14:32 81408 ----a-w- c:\windows\system32\icardie.dll2013-05-01 14:32 . 2013-05-01 14:32 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-05-01 14:32 . 2013-05-01 14:32 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-05-01 14:32 . 2013-05-01 14:32 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-05-01 14:32 . 2013-05-01 14:32 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-05-01 14:32 . 2013-05-01 14:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-05-01 14:32 . 2013-05-01 14:32 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-05-01 14:32 . 2013-05-01 14:32 441856 ----a-w- c:\windows\system32\html.iec2013-05-01 14:32 . 2013-05-01 14:32 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-05-01 14:32 . 2013-05-01 14:32 361984 ----a-w- c:\windows\SysWow64\html.iec2013-05-01 14:32 . 2013-05-01 14:32 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-05-01 14:32 . 2013-05-01 14:32 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-05-01 14:32 . 2013-05-01 14:32 235008 ----a-w- c:\windows\system32\url.dll2013-05-01 14:32 . 2013-05-01 14:32 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-05-01 14:32 . 2013-05-01 14:32 216064 ----a-w- c:\windows\system32\msls31.dll2013-05-01 14:32 . 2013-05-01 14:32 197120 ----a-w- c:\windows\system32\msrating.dll2013-05-01 14:32 . 2013-05-01 14:32 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-05-01 14:32 . 2013-05-01 14:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-05-01 14:32 . 2013-05-01 14:32 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-05-01 14:32 . 2013-05-01 14:32 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-05-01 14:32 . 2013-05-01 14:32 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-05-01 14:32 . 2013-05-01 14:32 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-05-01 14:32 . 2013-05-01 14:32 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-05-01 14:32 . 2013-05-01 14:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-05-01 14:32 . 2013-05-01 14:32 247296 ----a-w- c:\windows\system32\webcheck.dll2013-05-01 14:32 . 2013-05-01 14:32 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-05-01 14:32 . 2013-05-01 14:32 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-05-01 14:32 . 2013-05-01 14:32 77312 ----a-w- c:\windows\system32\tdc.ocx2013-05-01 14:32 . 2013-05-01 14:32 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-05-01 14:32 . 2013-05-01 14:32 599552 ----a-w- c:\windows\system32\vbscript.dll2013-05-01 14:32 . 2013-05-01 14:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-05-01 14:32 . 2013-05-01 14:32 51200 ----a-w- c:\windows\system32\imgutil.dll2013-05-01 14:32 . 2013-05-01 14:32 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-05-01 14:32 . 2013-05-01 14:32 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-05-01 14:32 . 2013-05-01 14:32 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-05-01 14:32 . 2013-05-01 14:32 167424 ----a-w- c:\windows\system32\iexpress.exe2013-05-01 14:32 . 2013-05-01 14:32 149504 ----a-w- c:\windows\system32\occache.dll2013-05-01 14:32 . 2013-05-01 14:32 144896 ----a-w- c:\windows\system32\wextract.exe2013-05-01 14:32 . 2013-05-01 14:32 13824 ----a-w- c:\windows\system32\mshta.exe2013-05-01 14:32 . 2013-05-01 14:32 136192 ----a-w- c:\windows\system32\iepeers.dll2013-05-01 14:32 . 2013-05-01 14:32 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-05-01 14:32 . 2013-05-01 14:32 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-05-01 14:32 . 2013-05-01 14:32 102912 ----a-w- c:\windows\system32\inseng.dll2013-04-13 05:49 . 2013-05-15 17:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 17:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 17:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 17:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 17:39 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 17:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-12 14:45 . 2013-04-23 20:04 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys2013-04-10 05:24 . 2013-05-15 17:39 983912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-04-10 05:24 . 2013-05-15 17:39 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-04-10 03:30 . 2013-05-15 17:39 3153920 ----a-w- c:\windows\system32\win32k.sys2013-03-19 06:04 . 2013-04-10 14:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe2013-03-19 05:53 . 2013-05-15 17:39 48640 ----a-w- c:\windows\system32\wwanprotdim.dll2013-03-19 05:53 . 2013-05-15 17:39 230400 ----a-w- c:\windows\system32\wwansvc.dll2013-03-19 05:46 . 2013-04-10 14:33 43520 ----a-w- c:\windows\system32\csrsrv.dll2013-03-19 05:04 . 2013-04-10 14:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04 . 2013-04-10 14:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-03-19 04:47 . 2013-04-10 14:33 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll2013-03-19 03:06 . 2013-04-10 14:33 112640 ----a-w- c:\windows\system32\smss.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-10-11 1979]"Spotify Web Helper"="c:\users\Jenna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-12 1105408]"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-04-08 4288048]"Spotify"="c:\users\Jenna\AppData\Roaming\Spotify\spotify.exe" [2013-05-12 4573184]"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-07-27 75048]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-10-11 1979].c:\users\Jenna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Jenna\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 29106336].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0bootalyac.exe\0.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ALYac_UpdSrv]@="Service".R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/26 20:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]S1 EstRtwIFDrv;EstRtwIFDrv;c:\windows\system32\drivers\EstRtw.sys;c:\windows\SYSNATIVE\drivers\EstRtw.sys [x]S2 ALYac_RTSrv;ALYac RealTime Service;c:\program files\ESTsoft\ALYac\AYRTSrv.aye;c:\program files\ESTsoft\ALYac\AYRTSrv.aye [x]S2 ALYac_UpdSrv;ALYac Update Service;c:\program files\ESTsoft\ALYac\AYUpdSrv.aye;c:\program files\ESTsoft\ALYac\AYUpdSrv.aye [x]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]S3 hswpan;WPAN Driver;c:\windows\system32\drivers\hswpan.sys;c:\windows\SYSNATIVE\drivers\hswpan.sys [x]S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL*Deregistered* - CLKMDRV10_38F51D56.Contents of the 'Scheduled Tasks' folder.2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 21:11].2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 21:11].2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569561272-1230230878-413452085-1001Core.job- c:\users\Jenna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 07:31].2013-06-13 c:\windows\Tasks\HPCeeScheduleForJenna.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43].2013-06-08 c:\windows\Tasks\HPCeeScheduleForJENNASPRECIOUS$.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]"ALYac"="c:\program files\ESTsoft\ALYac\AYLaunch.exe" [2013-05-28 274752]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-27 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-27 398616]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-27 439064]"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-11 1425408]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.naver.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105Trusted Zone: fishbattle.net\wwwTCP: DhcpNameServer = 192.168.1.1DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKCU-Run-AdobeBridge - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)c:\users\Jenna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startHKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexecHKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeAddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_RTSrv]"ImagePath"="\"c:\program files\ESTsoft\ALYac\AYRTSrv.aye\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_UpdSrv]"ImagePath"="\"c:\program files\ESTsoft\ALYac\AYUpdSrv.aye\"".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exec:\program files (x86)\HP SimplePass\IEWebSiteLogon.exec:\program files (x86)\CyberLink\YouCam\YCMMirage.exe.**************************************************************************.Completion time: 2013-06-16 14:56:12 - machine was rebootedComboFix-quarantined-files.txt 2013-06-16 18:56.Pre-Run: 50,510,168,064 bytes freePost-Run: 50,366,377,984 bytes free.- - End Of File - - 457880FEAB2D61821999693ED134AB18D41D8CD98F00B204E9800998ECF8427E<Step 4>Here are the contents of checkup.txt:Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:``````````````Windows Firewall Enabled! ?? Antivirus up to date! `````````Anti-malware/Other Utilities Check:`````````JavaFX 2.0.3 Java 7 Update 9 Java version out of Date!Adobe Reader 10.1.0 Adobe Reader out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check`````````````````Total Fragmentation on Drive C: 2%````````````````````End of Log``````````````````````My computer seems to be running fine! I did have to reboot after running ComboFix, but otherwise everything is in top shape.I was wondering, is there any way to know where the virus originated from? I'd like to prevent this from happening again, so I'd like to know if it was from a site I visit regularly, or a program I thought was safe.Thanks again!-CobaltArrow Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 16, 2013 ID:692006 Share Posted June 16, 2013 I was wondering, is there any way to know where the virus originated from? I'd like to prevent this from happening again, so I'd like to know if it was from a site I visit regularly, or a program I thought was safe.It's tough to say as malware can come from many different sources. As we wrap things up, I'll provide you with some suggestions for security software .----------------We still have some more cleanup to do:Please do the following:1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:KILLALL::Driver::CLKMDRV10_38F51D56File::C:\Windows\System32\Drivers\CLKMDRV10_38F51D56.sysReboot::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now Link to post Share on other sites More sharing options...
CobaltArrow Posted June 16, 2013 Author ID:692055 Share Posted June 16, 2013 DFB,Here is ComboFix.txt:ComboFix 13-06-15.01 - Jenna 2013-06-16 18:16:32.2.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8091.5735 [GMT -4:00]Running from: c:\users\Jenna\Desktop\ComboFix.exeCommand switches used :: c:\users\Jenna\Desktop\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\windows\System32\Drivers\CLKMDRV10_38F51D56.sys"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\nautoup.logc:\users\Jenna\AppData\Local\Temp\_MEI38282\_ctypes.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\_elementtree.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\_hashlib.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\_multiprocessing.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\_socket.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\_ssl.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\pyexpat.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\pysqlite2._sqlite.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\python27.dllc:\users\Jenna\AppData\Local\Temp\_MEI38282\pythoncom27.dllc:\users\Jenna\AppData\Local\Temp\_MEI38282\PyWinTypes27.dllc:\users\Jenna\AppData\Local\Temp\_MEI38282\select.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\unicodedata.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32api.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32com.shell.shell.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32crypt.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32event.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32file.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32inet.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32pdh.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32process.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32profile.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32security.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\win32ts.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\windows._cacheinvalidation.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._controls_.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._core_.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._gdi_.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._html2.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._misc_.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._windows_.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._wizard.pydc:\users\Jenna\AppData\Local\Temp\_MEI38282\wxbase294u_net_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI38282\wxbase294u_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI38282\wxmsw294u_adv_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI38282\wxmsw294u_core_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI38282\wxmsw294u_html_vc90.dllc:\users\Jenna\AppData\Local\Temp\_MEI38282\wxmsw294u_webview_vc90.dllc:\windows\wininit.ini..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_CLKMDRV10_38F51D56..((((((((((((((((((((((((( Files Created from 2013-05-16 to 2013-06-16 )))))))))))))))))))))))))))))))..2013-06-16 22:25 . 2013-06-16 22:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-06-16 18:05 . 2013-06-16 18:05 -------- d-----w- c:\programdata\Malwarebytes2013-06-16 06:50 . 2013-06-16 06:50 -------- d-----w- C:\FRST2013-06-16 05:16 . 2013-06-16 05:19 -------- d-----w- c:\users\Jenna\AppData\Local\Turbine2013-06-16 05:16 . 2013-06-16 05:18 -------- d-----w- c:\users\Jenna\AppData\Local\ApplicationHistory2013-06-16 05:14 . 2013-06-16 05:14 -------- d-----w- c:\windows\SysWow64\URTTEMP2013-06-16 05:11 . 2013-06-16 05:11 -------- d-----w- c:\programdata\Turbine2013-06-16 05:10 . 2013-06-16 05:18 -------- d-----w- c:\programdata\HappyCloud2013-06-15 04:46 . 2013-06-15 04:46 -------- d-----w- c:\programdata\TamoSoft2013-06-15 04:46 . 2013-06-15 04:46 -------- d-----w- c:\program files (x86)\CommViewWiFi2013-06-14 22:31 . 2013-06-14 22:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys2013-06-14 22:31 . 2013-06-14 22:41 -------- d-----w- c:\users\Jenna\AppData\Roaming\DAEMON Tools Lite2013-06-14 22:31 . 2013-06-14 22:31 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite2013-06-14 21:40 . 2013-06-14 21:42 -------- d-----w- c:\programdata\DAEMON Tools Lite2013-06-14 18:39 . 2013-06-14 18:39 -------- d-----w- c:\program files\7-Zip2013-06-14 15:39 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E17760D9-41BB-4ED1-9B79-9B18D379002F}\mpengine.dll2013-06-12 15:13 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-06-10 19:47 . 2013-06-10 19:47 -------- d-----w- c:\users\Jenna\I love David Tennant2013-06-10 19:44 . 2013-06-10 19:44 -------- d-----w- c:\users\Jenna\Teeny2013-06-10 19:43 . 2013-06-10 19:43 -------- d-----w- c:\users\Jenna\animal2013-06-10 19:31 . 2013-06-16 17:10 -------- d-----w- c:\users\Jenna\temp2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\users\Jenna\AppData\Local\ISolo2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\programdata\ISolo2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\program files (x86)\Lingual Media Player2013-06-04 05:02 . 2013-06-04 05:02 -------- d-----w- c:\program files\Motorola Inc2013-05-24 00:15 . 2013-05-24 00:15 -------- d-----w- c:\users\Jenna\AppData\Roaming\NVIDIA2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll2013-05-20 03:06 . 2013-05-20 03:07 -------- d-----w- c:\program files (x86)\QuickTime...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-31 05:26 . 2012-07-25 22:44 262936 ----a-w- c:\windows\system32\drivers\EstRtw.sys2013-05-13 02:41 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-05-09 22:57 . 2012-12-25 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe2013-05-01 14:32 . 2013-05-01 14:32 226304 ----a-w- c:\windows\system32\elshyph.dll2013-05-01 14:32 . 2013-05-01 14:32 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-05-01 14:32 . 2013-05-01 14:32 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-05-01 14:32 . 2013-05-01 14:32 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-05-01 14:32 . 2013-05-01 14:32 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-05-01 14:32 . 2013-05-01 14:32 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-05-01 14:32 . 2013-05-01 14:32 81408 ----a-w- c:\windows\system32\icardie.dll2013-05-01 14:32 . 2013-05-01 14:32 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-05-01 14:32 . 2013-05-01 14:32 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-05-01 14:32 . 2013-05-01 14:32 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-05-01 14:32 . 2013-05-01 14:32 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-05-01 14:32 . 2013-05-01 14:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-05-01 14:32 . 2013-05-01 14:32 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-05-01 14:32 . 2013-05-01 14:32 441856 ----a-w- c:\windows\system32\html.iec2013-05-01 14:32 . 2013-05-01 14:32 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-05-01 14:32 . 2013-05-01 14:32 361984 ----a-w- c:\windows\SysWow64\html.iec2013-05-01 14:32 . 2013-05-01 14:32 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-05-01 14:32 . 2013-05-01 14:32 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-05-01 14:32 . 2013-05-01 14:32 235008 ----a-w- c:\windows\system32\url.dll2013-05-01 14:32 . 2013-05-01 14:32 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-05-01 14:32 . 2013-05-01 14:32 216064 ----a-w- c:\windows\system32\msls31.dll2013-05-01 14:32 . 2013-05-01 14:32 197120 ----a-w- c:\windows\system32\msrating.dll2013-05-01 14:32 . 2013-05-01 14:32 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-05-01 14:32 . 2013-05-01 14:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-05-01 14:32 . 2013-05-01 14:32 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-05-01 14:32 . 2013-05-01 14:32 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-05-01 14:32 . 2013-05-01 14:32 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-05-01 14:32 . 2013-05-01 14:32 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-05-01 14:32 . 2013-05-01 14:32 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-05-01 14:32 . 2013-05-01 14:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-05-01 14:32 . 2013-05-01 14:32 247296 ----a-w- c:\windows\system32\webcheck.dll2013-05-01 14:32 . 2013-05-01 14:32 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-05-01 14:32 . 2013-05-01 14:32 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-05-01 14:32 . 2013-05-01 14:32 77312 ----a-w- c:\windows\system32\tdc.ocx2013-05-01 14:32 . 2013-05-01 14:32 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-05-01 14:32 . 2013-05-01 14:32 599552 ----a-w- c:\windows\system32\vbscript.dll2013-05-01 14:32 . 2013-05-01 14:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-05-01 14:32 . 2013-05-01 14:32 51200 ----a-w- c:\windows\system32\imgutil.dll2013-05-01 14:32 . 2013-05-01 14:32 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-05-01 14:32 . 2013-05-01 14:32 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-05-01 14:32 . 2013-05-01 14:32 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-05-01 14:32 . 2013-05-01 14:32 167424 ----a-w- c:\windows\system32\iexpress.exe2013-05-01 14:32 . 2013-05-01 14:32 149504 ----a-w- c:\windows\system32\occache.dll2013-05-01 14:32 . 2013-05-01 14:32 144896 ----a-w- c:\windows\system32\wextract.exe2013-05-01 14:32 . 2013-05-01 14:32 13824 ----a-w- c:\windows\system32\mshta.exe2013-05-01 14:32 . 2013-05-01 14:32 136192 ----a-w- c:\windows\system32\iepeers.dll2013-05-01 14:32 . 2013-05-01 14:32 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-05-01 14:32 . 2013-05-01 14:32 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-05-01 14:32 . 2013-05-01 14:32 102912 ----a-w- c:\windows\system32\inseng.dll2013-04-13 05:49 . 2013-05-15 17:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 17:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 17:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 17:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 17:39 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 17:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-12 14:45 . 2013-04-23 20:04 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys2013-04-10 05:24 . 2013-05-15 17:39 983912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-04-10 05:24 . 2013-05-15 17:39 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-04-10 03:30 . 2013-05-15 17:39 3153920 ----a-w- c:\windows\system32\win32k.sys2013-03-19 06:04 . 2013-04-10 14:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe2013-03-19 05:53 . 2013-05-15 17:39 48640 ----a-w- c:\windows\system32\wwanprotdim.dll2013-03-19 05:53 . 2013-05-15 17:39 230400 ----a-w- c:\windows\system32\wwansvc.dll2013-03-19 05:46 . 2013-04-10 14:33 43520 ----a-w- c:\windows\system32\csrsrv.dll2013-03-19 05:04 . 2013-04-10 14:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04 . 2013-04-10 14:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-03-19 04:47 . 2013-04-10 14:33 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll2013-03-19 03:06 . 2013-04-10 14:33 112640 ----a-w- c:\windows\system32\smss.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-10-11 1979]"Spotify Web Helper"="c:\users\Jenna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-12 1105408]"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-04-08 4288048]"Spotify"="c:\users\Jenna\AppData\Roaming\Spotify\spotify.exe" [2013-05-12 4573184]"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-07-27 75048]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-10-11 1979].c:\users\Jenna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Jenna\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 29106336].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0bootalyac.exe\0.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ALYac_UpdSrv]@="Service".R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/26 20:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]S1 EstRtwIFDrv;EstRtwIFDrv;c:\windows\system32\drivers\EstRtw.sys;c:\windows\SYSNATIVE\drivers\EstRtw.sys [x]S2 ALYac_RTSrv;ALYac RealTime Service;c:\program files\ESTsoft\ALYac\AYRTSrv.aye;c:\program files\ESTsoft\ALYac\AYRTSrv.aye [x]S2 ALYac_UpdSrv;ALYac Update Service;c:\program files\ESTsoft\ALYac\AYUpdSrv.aye;c:\program files\ESTsoft\ALYac\AYUpdSrv.aye [x]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]S3 hswpan;WPAN Driver;c:\windows\system32\drivers\hswpan.sys;c:\windows\SYSNATIVE\drivers\hswpan.sys [x]S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - CLKMDRV10_38F51D56*Deregistered* - CLKMDRV10_38F51D56.Contents of the 'Scheduled Tasks' folder.2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 21:11].2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 21:11].2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569561272-1230230878-413452085-1001Core.job- c:\users\Jenna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 07:31].2013-06-13 c:\windows\Tasks\HPCeeScheduleForJenna.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43].2013-06-08 c:\windows\Tasks\HPCeeScheduleForJENNASPRECIOUS$.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]"ALYac"="c:\program files\ESTsoft\ALYac\AYLaunch.exe" [2013-05-28 274752]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-27 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-27 398616]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-27 439064]"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-11 1425408]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.naver.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105Trusted Zone: fishbattle.net\wwwTCP: DhcpNameServer = 192.168.1.1DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_RTSrv]"ImagePath"="\"c:\program files\ESTsoft\ALYac\AYRTSrv.aye\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_UpdSrv]"ImagePath"="\"c:\program files\ESTsoft\ALYac\AYUpdSrv.aye\"".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exec:\program files (x86)\HP SimplePass\IEWebSiteLogon.exec:\program files (x86)\CyberLink\YouCam\YCMMirage.exe.**************************************************************************.Completion time: 2013-06-16 18:27:59 - machine was rebootedComboFix-quarantined-files.txt 2013-06-16 22:27ComboFix2.txt 2013-06-16 18:56.Pre-Run: 50,383,257,600 bytes freePost-Run: 49,855,545,344 bytes free.- - End Of File - - B6ADF76F2CC16ADC1C8A57E03970A1CCD41D8CD98F00B204E9800998ECF8427EEverything is still running smoothly. Is there anything else I need to do?-CobaltArrow Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 16, 2013 ID:692063 Share Posted June 16, 2013 Still not quite clean yet, but we're getting there.----------Step 1----------------Please download AdwCleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[R1].txt as well.----------Step 2----------------Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.----------Step 3----------------We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:Main Mirror[*]Save it to your desktop.[*]Double click on the OTL icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Change the "Extra Registry" option to "SafeList"[*]Push the Run Scan button.[*]Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimized----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.[*]Check [*]Click the button.[*]Accept any security warnings from your browser.[*]Check [*]Push the Start button.[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.[*]When the scan completes, push [*]Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.[*]Push the button.[*]Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt----------Step 5----------------Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.Let me know how things go. Link to post Share on other sites More sharing options...
CobaltArrow Posted June 17, 2013 Author ID:692120 Share Posted June 17, 2013 Here are the files you requested:(1)AdwCleaner logfile:# AdwCleaner v2.303 - Logfile created 06/16/2013 at 20:06:14# Updated 08/06/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Jenna - JENNASPRECIOUS# Boot Mode : Normal# Running from : C:\Users\Jenna\Desktop\AdwCleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****File Found : C:\Users\Jenna\AppData\Local\funmoods.crxFolder Found : C:\ProgramData\InstallMateFolder Found : C:\ProgramData\PremiumFolder Found : C:\Users\Jenna\AppData\LocalLow\Download and SaFolder Found : C:\Users\Jenna\AppData\Roaming\OpenCandyFolder Found : C:\Users\Jenna\AppData\Roaming\SendSpace***** [Registry] *****Key Found : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphhKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvcKey Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1Key Found : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCSKey Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphhKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphhKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16611[OK] Registry is clean.-\\ Google Chrome v27.0.1453.110File : C:\Users\Jenna\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [4358 octets] - [16/06/2013 20:06:14]########## EOF - C:\AdwCleaner[R1].txt - [4418 octets] ##########(2)JRT.txt:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.9.4 (05.06.2013:1)OS: Windows 7 Home Premium x64Ran by Jenna on 2013-06-16 at 20:10:07.67~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvcSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exeSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\funmoodssetup_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\funmoodssetup_rasmancsSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C7C622C5-76D3-4E67-AE98-33C1249A0870}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4FD6B3C-9880-46A5-B5D3-12252D97F608}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C7C622C5-76D3-4E67-AE98-33C1249A0870}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}~~~ FilesSuccessfully deleted: [File] "C:\Users\Jenna\appdata\local\funmoods.crx"~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\installmate"Successfully deleted: [Folder] "C:\ProgramData\premium"Successfully deleted: [Folder] "C:\Users\Jenna\AppData\Roaming\opencandy"Successfully deleted: [Folder] "C:\Users\Jenna\appdata\locallow\download and sa"Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{18E99386-118D-41BB-A352-547C5D2F26C3}Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{2D79D2F3-EF12-4199-AAA1-9D23F856D0EC}Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{6C0C3410-6596-40A2-B283-72F029BCC583}Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{8F2C464C-73AC-4826-8A20-83C4DF0D8DFD}Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{A12ADDFE-8937-4767-A423-B863633BAF2C}Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{B6682A00-4AA4-47F2-9738-548B98F806BE}Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{C06F217F-8A58-4E3A-BBEC-67E518FD8FA4}Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{CC00552D-7DF8-4261-8B46-AC4A89508789}Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{CFA5E5FE-F9BF-482D-B348-8CE6D085F3A4}~~~ ChromeSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphhSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 2013-06-16 at 20:13:32.87End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~(3) OTL.txt:OTL.Txt(4) Extras.txt:OTL Extras logfile created on: 2013-06-16 ¿ÀÈÄ 8:16:42 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jenna\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16614)Locale: 00000412 | Country: Korea | Language: KOR | Date Format: yyyy-MM-dd7.90 Gb Total Physical Memory | 3.29 Gb Available Physical Memory | 41.70% Memory free15.80 Gb Paging File | 11.77 Gb Available in Paging File | 74.47% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 676.47 Gb Total Space | 44.11 Gb Free Space | 6.52% Space Free | Partition Type: NTFSDrive D: | 21.87 Gb Total Space | 2.35 Gb Free Space | 10.73% Space Free | Partition Type: NTFSDrive E: | 43.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFSComputer Name: JENNASPRECIOUS | User Name: Jenna | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{11F66ECF-8ED2-4126-B5C5-785D9F013620}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |"{49DB290F-B2EF-4AEA-840A-8BEB41373DEF}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |"{72E8BFD6-162F-46B5-9A09-335AF358FE01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |"{7CB90C2A-41B0-409A-95C7-474CB84E5B22}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |"{F262319D-6EED-4EF8-B07A-DA76218DC370}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{01AB4771-28F3-43DC-AF29-0A746E151380}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |"{020DCCC2-BE9E-4A3A-B74B-4D8E870097FE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{039EE011-6339-4F18-9E0C-7EAE3C7B6BA6}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |"{044BBC09-128D-4B20-B96B-66CC0E237340}" = protocol=6 | dir=in | app=c:\users\jenna\appdata\roaming\spotify\spotify.exe |"{054273A1-4BF3-4499-A5EC-EBFF7DF40AA7}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |"{09391AA1-A3A8-4B07-BC07-A17E19CD8128}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{0A2BF906-65A0-4486-966E-4C9623F57A03}" = protocol=6 | dir=in | app=c:\program files\estsoft\alyac\ayupdsrv.aye |"{195AADCD-6631-42A9-9A63-2979FAF7B22C}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |"{19D9B6E2-C0CF-4CF0-A4E7-16CF0B1C1CAA}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |"{21C6171A-E575-4F7E-B258-6B51CC9F6C37}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |"{2EB86B63-123D-4EF2-AE94-557C0D263DE4}" = protocol=6 | dir=out | app=c:\program files\estsoft\alyac\ayupdsrv.aye |"{2F5697BC-F0B2-4137-8892-A50016C8F1FF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |"{36FEF9F1-EDD1-4E81-8F8A-B7E17084F3C7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |"{3E9CFB17-505B-44B5-8077-EEE518A43133}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{43026BE5-E25A-459E-838B-6613CFE4AA55}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |"{49158C53-CE7A-4BC7-BCDA-6B3FE48BC626}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |"{49FE35D0-721A-4CF6-A3FD-555EF6C9ABA6}" = protocol=17 | dir=in | app=c:\users\jenna\appdata\roaming\spotify\spotify.exe |"{4C366F0F-AF28-41B9-BC20-0169AEC9BBE3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |"{5BD29BF0-5BB7-4792-A0B8-75167D869A00}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |"{61F3CC31-333D-4CEC-B893-0568ECFF41F1}" = protocol=6 | dir=in | app=c:\programdata\turbine\ddo unlimited\turbinelauncher.exe |"{6389954B-4C6D-4BFA-B9B2-880A599261D0}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe |"{682A0A0E-EDB7-4057-B306-95ADC5F95203}" = protocol=6 | dir=in | app=c:\programdata\turbine\ddo unlimited\dndclient.exe |"{6CCDF539-0A29-46A7-B964-96A016B1D925}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |"{6D4DC974-82DE-4A76-BA59-9AC83A51A16F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |"{6EB946B9-6BF6-4A31-A674-4C763A2EF28A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |"{71CAEE67-B916-4A9D-B64D-F573A9340F31}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |"{72073B48-288E-4290-BDF2-B560266B49A1}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |"{73FA05E1-24FD-44DC-BD3A-F530236F14F7}" = protocol=6 | dir=in | app=c:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe |"{7AC406DA-D8DE-481E-B801-F146668D1550}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |"{88853158-84DD-4D1C-8DD9-13A97751E4F1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |"{89994881-9748-41EB-ACEC-0BA281026BB7}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |"{8C905B52-D78B-4FC7-933F-9C9E6C031900}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |"{8E197721-E2CC-47AA-9899-034388DE22D4}" = protocol=17 | dir=in | app=c:\programdata\turbine\ddo unlimited\turbinelauncher.exe |"{9198A41C-B43A-4C5E-96DE-B14A01ED42A5}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |"{91B38960-96C0-4197-86EF-71BE1958373F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{9481C72F-598E-48D0-983D-682E8CA2ADD3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{9CEEFA7B-10EE-4717-93AD-B8B01541B493}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |"{9D198F19-808B-4168-99A4-BCA65CE78401}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{A03913A4-CC76-4E9F-A293-1ECB18A01856}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe |"{B2A1571F-5F74-44F0-AC70-94D10CC20017}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |"{B2FF36E8-23C3-4759-9C69-8AEC1BB526EA}" = protocol=17 | dir=in | app=c:\programdata\turbine\ddo unlimited\dndclient.exe |"{B8B382B4-E44C-4107-8EB6-9CB0978841FF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |"{C5B6E226-4BEB-469C-AEF7-095F4C7DAD02}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{CD3532CB-9D72-4115-A9A6-0FA7809B03A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{D08363DE-6F0D-4317-B0FE-B357F1AAFA71}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{D3354786-05E6-47FB-9E7E-316E1A3696DC}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |"{D58D2D07-2D16-482F-BB97-FF076D0FE2A2}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |"{DAB2C309-56B5-4EF1-A309-96CB7D68BCE3}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |"{E2F6D605-1408-4AC0-B27D-C8C446D185A4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |"{E377E9EB-B2F8-403B-86CA-4816BDB0E44E}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |"{E76AC1C4-26C7-457D-BA32-7851C1DFAD74}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{E9732CF3-E4AB-4A43-B5CE-3041D08EA7D5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |"{E97B5908-E2C6-4E22-A7B9-A10E9DAB08C8}" = protocol=17 | dir=in | app=c:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe |"{F1C4A0B1-16C3-46E6-9A59-810F84DB338E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{FCC7CC99-FE1D-496B-9E21-4C2A50E75072}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |"TCP Query User{1BA7CE96-9EB1-456D-8D18-6076A65D72AF}C:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe |"TCP Query User{1C62F4B8-7F44-44E6-B92E-5180DA82B8A3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |"TCP Query User{25905235-CD11-46C0-B090-61DBAB8983AA}C:\users\jenna\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jenna\appdata\roaming\spotify\spotify.exe |"TCP Query User{3B18E13E-E2BF-4BD4-9223-8D46C9B32805}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |"TCP Query User{50203353-1306-430D-9ECE-7CB56EF9576C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |"TCP Query User{5ECB41D8-4A3F-4047-B87B-A2A6D17F20AF}C:\program files\backup assistant plus\verizon.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |"TCP Query User{60FFEF32-B861-4D53-8834-1C45C1144405}C:\program files\backup assistant plus\verizon.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |"TCP Query User{69BE1033-3C07-42E0-96CE-2E81BCD20E02}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |"UDP Query User{0B1B539C-1A15-485E-8A2D-11D8C7378C66}C:\program files\backup assistant plus\verizon.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |"UDP Query User{0D10D31D-8EFD-43EA-BAE0-1AEED9F8FBC6}C:\program files\backup assistant plus\verizon.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |"UDP Query User{12A85F42-39EA-40F7-B874-2A916675B48D}C:\users\jenna\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jenna\appdata\roaming\spotify\spotify.exe |"UDP Query User{4B907576-FCEE-4CFC-A8BC-E27FA5F1B1A4}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |"UDP Query User{5296F48E-DA3E-4F2E-9B0D-EB7D60622CF0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |"UDP Query User{991F1250-FB29-485B-AF3E-759600B4F641}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |"UDP Query User{9D591FBF-7EAD-4FD6-8C8F-47420A386119}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |"UDP Query User{9E29FC71-3AA1-49AB-B0C1-7BCD51F3A554}C:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe |========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant"{177F4FEE-E119-4AB7-9B32-ECF6A1D03719}" = HP Deskjet 3520 series Product Improvement Study"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = 인텔® PROSet/무선 WiFi 소프트웨어"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)"{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel® PROSet/Wireless Software for Bluetooth® Technology"{4169B8AC-D144-4E38-A9CA-637EA44129ED}" = Intel® Wireless Music device driver"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client"{64A3A4F4-B792-11D6-A78A-00B0D0170060}" = Java SE Development Kit 7 Update 6 (64-bit)"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.14"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.14"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel® PROSet/Wireless for Bluetooth® + High Speed"{C5A22A98-AC82-4404-BFB0-1E9F654EB176}" = Motorola Mobile Drivers Installation 6.0.0"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}" = Validity WBF DDK"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{E80963EC-EED7-411A-8AC0-149EC57FB0F9}" = HP Deskjet 3520 series Basic Device Software"{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}" = AuthenTec TrueAPI 64-bit"{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}" = HP Security Assistant"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"ALYac_is1" = ¾Ë¾à"CCleaner" = CCleaner"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"ProInst" = Intel PROSet Wireless"SynTPDeinstKey" = Synaptics Pointing Device Driver[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0981D0B9-4241-4FF1-AD4E-F93D6F677129}_is1" = Lingual Media Player version 1.6.1"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1ABA2AF6-A2BB-486C-A7CB-FCF34C135D92}" = Cisco AnyConnect VPN Client"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34C821CA-6B55-44A0-8A9B-2EF471D6019E}" = HP SimplePass"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{3F122044-172F-4DC6-96CA-0DD4300E9CD9}" = HP Documentation"{402F6F2E-5683-491C-977D-0CA599A07CAF}" = Adobe CS6 Design and Web Premium"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple 응용 프로그램 지원"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2"{4F541CF7-7562-4EE1-9CA5-E6D73CCD34D8}" = HP Software Framework"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6CEF2BC6-8929-44EE-8360-175513E1A49A}" = Secure Download Manager"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{74A8E1BE-D438-4C35-ABFF-3A1EAF17526E}" = Blio"{768A6276-5822-489C-8A2B-67190F745655}" = ESU for Microsoft Windows 7 SP1"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel® WiDi"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6"{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}" = HP Deskjet 3520 series Help"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Shockwave Player" = Adobe Shockwave Player 11.6"ALMind_is1" = ¾Ë¸¶Àεå Lite 1.2"ALUpdate_is1" = ¾ËÅøÁî ¾÷µ¥ÀÌÆ®"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17"AutoHotkey" = AutoHotkey 1.0.48.05"Backup Assistant Plus" = Backup Assistant Plus"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager"com.adobe.WidgetBrowser" = Adobe Widget Browser"DAEMON Tools Lite" = DAEMON Tools Lite"doubleTwist" = doubleTwist"DtsFilter" = DTS+AC3 Filter"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]"GOM Player" = GOM Player"GomTV Launcher Plugin" = GOMTV Plug-in"HP Photo Creations" = HP Photo Creations"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD"Mabinogi" = Mabinogi"MapleStory" = MapleStory"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"MPEG2ÄÚµ¦(libmpeg2/mad)" = MPEG2ÄÚµ¦(libmpeg2/mad)"MuseScore" = MuseScore 1.3"Office14.Click2Run" = Microsoft Office Click-to-Run 2010"Office14.PROPLUS" = Microsoft Office Professional Plus 2010"SumatraPDF" = SumatraPDF"uTorrent" = µTorrent"WildTangent hp Master Uninstall" = HP Games"WinLiveSuite" = Windows Live Essentials"WTA-0b104c12-dbb1-4c79-8b38-6c6e4ce325e3" = Bejeweled 3"WTA-107fe714-24a7-4fe4-965b-229b8bd24b44" = Final Drive Fury"WTA-15b06ce9-f456-48f5-a2ef-ba521d3561be" = John Deere Drive Green"WTA-1995e512-b779-47b5-acb3-d6566b3e6c4a" = Poker Superstars III"WTA-231000ec-3ac6-4848-9457-07940d093afa" = Torchlight"WTA-341039b8-b6b3-4bde-96de-32fd1e414649" = RollerCoaster Tycoon 3: Platinum"WTA-55d63651-5bc9-41f7-bf5d-b79c15cdc5bd" = Zuma's Revenge"WTA-696100e5-ed64-4699-8835-d937a8d12a46" = Plants vs. Zombies - Game of the Year"WTA-6c389dfa-f219-4b27-bff4-1a47254cfef1" = Polar Golfer"WTA-6fe14483-83c6-4c56-8c40-89b0f6532064" = Farmscapes"WTA-718e4272-b5d5-4463-b3b2-2d3ec6cc951a" = Letters from Nowhere 2"WTA-8740d9d4-6418-4275-81f2-1458f28145d0" = Jewel Match 3"WTA-93467d49-48ca-421c-a6db-660a69d19f3f" = Mah Jong Medley"WTA-97c0eaca-b57a-4537-b4ef-c1bb6bd2c0d9" = The Treasures of Mystery Island: The Ghost Ship"WTA-9f667811-0732-4527-95f9-64d01ffbd0d2" = Chuzzle Deluxe"WTA-a9a99d24-ebfb-4ee3-96d0-9d3fb8bdaaa2" = Cradle of Rome 2"WTA-acb1bb99-4941-412e-bf9e-4fde81dccaa2" = Blackhawk Striker 2"WTA-acfc8311-629b-4a38-aa0e-c9df138dd60a" = Virtual Villagers 4 - The Tree of Life"WTA-bf81c8cb-944a-4194-aa55-728f5318c4a4" = Hoyle Card Games"WTA-c030e614-dbb5-452b-b470-2b9abfaa13d0" = Dora's World Adventure"WTA-c465c5c9-aee0-4502-8b40-e55867e6ce6a" = Polar Bowler"WTA-caec18f3-e7ff-4b5d-ae15-78daa661c85a" = Luxor HD"WTA-dd291106-2fab-4e1b-af65-4e164bc65827" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition"WTA-e15f4cb9-6c89-4d42-896a-f7c1a31d0723" = Farm Frenzy"WTA-f005e00f-fec5-436f-b058-2268e4008a5b" = FATE"WTA-f6c08ff1-4368-4f09-8a4c-4e56944d20f9" = Penguins!========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-3569561272-1230230878-413452085-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Amazon Kindle" = Amazon Kindle"DDO_midres_en" = Dungeons and Dragons Online"Dropbox" = Dropbox"Google Chrome" = Google Chrome"HappyCloud" = Happy Cloud Client"Spotify" = Spotify========== Last 20 Event Log Errors ==========[ Cisco AnyConnect VPN Client Events ]Error - 2013-06-16 ¿ÀÈÄ 2:18:45 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.File:C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:No such file or directoryError - 2013-06-16 ¿ÀÈÄ 2:18:58 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cppLine:1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)Description:DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 39.109.5.192.in-addr.arpa via DNSserver 192.168.1.1Error - 2013-06-16 ¿ÀÈÄ 2:54:02 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.File:C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:No such file or directoryError - 2013-06-16 ¿ÀÈÄ 2:54:14 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cppLine:1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)Description:DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 39.109.5.192.in-addr.arpa via DNSserver 192.168.1.1Error - 2013-06-16 ¿ÀÈÄ 3:07:27 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.File:C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:No such file or directoryError - 2013-06-16 ¿ÀÈÄ 3:07:33 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cppLine:1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)Description:DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 39.109.5.192.in-addr.arpa via DNSserver 192.168.1.1Error - 2013-06-16 ¿ÀÈÄ 6:26:13 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.File:C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:No such file or directoryError - 2013-06-16 ¿ÀÈÄ 6:26:19 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cppLine:1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)Description:DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 39.109.5.192.in-addr.arpa via DNSserver 192.168.1.1Error - 2013-06-16 ¿ÀÈÄ 6:31:02 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.File:C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:No such file or directoryError - 2013-06-16 ¿ÀÈÄ 6:31:08 | Computer Name = JennasPrecious | Source = vpnagent | ID = 67108866Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cppLine:1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)Description:DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 39.109.5.192.in-addr.arpa via DNSserver 192.168.1.1[ Hewlett-Packard Events ]Error - 2013-04-17 ¿ÀÈÄ 3:21:19 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: 70 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 2013-04-17 ¿ÀÈÄ 4:32:34 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: 70 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 2013-04-17 ¿ÀÈÄ 7:22:51 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 2013-04-17 ¿ÀÈÄ 8:42:05 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 2013-04-17 ¿ÀÈÄ 9:42:54 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 2013-04-17 ¿ÀÈÄ 11:20:54 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: 70 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 2013-04-18 ¿ÀÀü 12:23:30 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 2013-04-18 ¿ÀÀü 10:31:53 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 2013-04-18 ¿ÀÀü 11:31:59 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 2013-04-18 ¿ÀÈÄ 3:58:57 | Computer Name = JennasPrecious | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8091RamUtilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()< End of report >(5) ESET scan log:C:\Users\Jenna\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_8952_267\CRX_INSTALL\50650a2c1b1cf1348799020.js Win32/Adware.MultiPlug.H applicationC:\Users\Jenna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\28a560c7-6204f976 Java/Exploit.Agent.OOZ trojanC:\Users\Jenna\Downloads\GetTest.exe a variant of Win32/Adware.iBryte.G applicationC:\Documents and Settings\Jenna\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_8952_267\CRX_INSTALL\50650a2c1b1cf1348799020.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantinedC:\Documents and Settings\Jenna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\28a560c7-6204f976 Java/Exploit.Agent.OOZ trojan cleaned by deleting - quarantinedC:\Documents and Settings\Jenna\Downloads\GetTest.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantinedC:\FRST\Quarantine\skype.dat a variant of Win32/Kryptik.BDRE trojan cleaned by deleting - quarantinedEverything seems to be running smoothly. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 17, 2013 ID:692143 Share Posted June 17, 2013 Still have a little more to do, but we're nearly there.----------Step 1----------------We need to run an OTL FixPlease reopen on your desktop.Copy and Paste the following code into the textbox.:OTL[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ][2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]:Commands[purity][emptytemp][emptyjava][emptyflash][Reboot]Push OTL may ask to reboot the machine. Please do so if asked.Click the OK button.A report will open. Copy and Paste that report in your next reply.----------Step 2----------------Instructions for DELETE:Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[s1].txt as well.Afterwards, please reboot the computer.----------Step 3----------------Please post the OTL and AdwCleaner reports in your next reply. How are things running now? Link to post Share on other sites More sharing options...
CobaltArrow Posted June 17, 2013 Author ID:692250 Share Posted June 17, 2013 Here is the OTL report:All processes killed========== OTL ==========C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp deleted successfully.C:\Windows\assembly\Desktop.ini moved successfully.File C:\Windows\assembly\Desktop.ini not found.File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.========== COMMANDS ==========[EMPTYTEMP]User: All UsersUser: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 56475 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: Jenna->Temp folder emptied: 22441122 bytes->Temporary Internet Files folder emptied: 10546415 bytes->Java cache emptied: 1040470 bytes->Google Chrome cache emptied: 194896854 bytes->Flash cache emptied: 720 bytesUser: Public->Temp folder emptied: 0 bytesUser: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 156061 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287446 bytesRecycleBin emptied: 7176 bytesTotal Files Cleaned = 259.00 mb[EMPTYJAVA]User: All UsersUser: DefaultUser: Default UserUser: Jenna->Java cache emptied: 0 bytesUser: PublicUser: UpdatusUserTotal Java Files Cleaned = 0.00 mb[EMPTYFLASH]User: All UsersUser: Default->Flash cache emptied: 0 bytesUser: Default User->Flash cache emptied: 0 bytesUser: Jenna->Flash cache emptied: 0 bytesUser: PublicUser: UpdatusUserTotal Flash Files Cleaned = 0.00 mbOTL by OldTimer - Version 3.2.69.0 log created on 06172013_101407Files\Folders moved on Reboot...C:\Users\Jenna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.C:\Users\Jenna\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.PendingFileRenameOperations files...Registry entries deleted on Reboot...And here is the AdwCleaner report:# AdwCleaner v2.303 - Logfile created 06/17/2013 at 10:21:40# Updated 08/06/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Jenna - JENNASPRECIOUS# Boot Mode : Normal# Running from : C:\Users\Jenna\Desktop\AdwCleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****Folder Deleted : C:\Users\Jenna\AppData\Roaming\SendSpace***** [Registry] *****Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphhKey Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16611[OK] Registry is clean.-\\ Google Chrome v27.0.1453.110File : C:\Users\Jenna\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [4467 octets] - [16/06/2013 20:06:14]AdwCleaner[R2].txt - [4527 octets] - [16/06/2013 20:06:57]AdwCleaner[s1].txt - [1840 octets] - [17/06/2013 10:21:40]########## EOF - C:\AdwCleaner[s1].txt - [1900 octets] ##########Everything is running pretty well; no observable difficulties. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 17, 2013 ID:692257 Share Posted June 17, 2013 Things look good. Judging by your last few logs, I'd say your system is clean. Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.---------Upgrade Java : (64 bits)Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3 .Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.Check the box that says: "Accept License Agreement.".Click on the link to download Windows Offline Installation 64 bit ( jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager..Close any programs you may have running - especially your web browser.Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.Check any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java version.Reboot your computer once all Java components are removed.Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")---------Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:Download the latest version of Adobe Reader and save it to your desktop.Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offeredClick the download button at the bottom.If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your ComputerThen from your desktop double-click on Adobe Reader to install the newest version.If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.When the "Adobe Setup - Welcome" window opens, click the Install > button.If offered to install a Toolbar, just uncheck the box before continuing unless you want it.---------Please let me know how the updates went, as failed updates may be dule to malware. Link to post Share on other sites More sharing options...
CobaltArrow Posted June 17, 2013 Author ID:692334 Share Posted June 17, 2013 Both updates installed successfully.I haven't had any problems so far! Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted June 17, 2013 ID:692336 Share Posted June 17, 2013 Glad to hear the updates went successfully!Unless there are any other issues, I will now provide you with some steps to better protect your computer.First, however we need to remove ComboFix.The following will implement some cleanup procedures as well as reset System Restore points:Click Start > Run and copy/paste the following bolded text into the Run box and click OK:ComboFix /Uninstall -------------------Let's remove OTL and the other tools we used as well:Reopen on your desktop.Click on You will be prompted to reboot your system. Please do so.-------------------Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.-------------------It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.avast!.AntiVirAVGMicrosoft Security Essentials-------------------Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:Spybot-Search & DestroyA tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.SpywareBlasterA tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.SpywareGuardA tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.-------------------Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too. A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.These firewalls are good and do have free versions availableOutpost Firewall Free Online Armor FirewallA tutorial on understanding and using firewalls may be found here.-------------------Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.-------------------Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:http://www.spywarewa...nti-spyware.htmA similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.-------------------Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.If you are interested, Firefox may be downloaded from hereOpera is available here: http://www.opera.com/download/-------------------For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first placeHopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.-------------------I would grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.---------------------------------------------------------My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here: Every little bit helps. -DFB Link to post Share on other sites More sharing options...
CobaltArrow Posted June 17, 2013 Author ID:692351 Share Posted June 17, 2013 I really appreciate you walking me through everything, and giving me great resources.I'll be sure to adhere to your advice.Thank you so much! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 17, 2013 Root Admin ID:692357 Share Posted June 17, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts