FBI Virus.. Help!


Hello,

I was just hit with the FBI Virus.

I searched this forum, and read some very helpful advice, but it seems each individual situation requires different instructions.

I started with the instructions given on this thread: http://forums.malwarebytes.org/index.php?showtopic=117917

I opened Safe Mode with Command Prompt (the other Safe Modes shut down immediately)

and ran the FarBar scan tool. I have the FRST.txt and Search.txt below in attachments, as well as another Addition.txt that was given to me after FRST.txt.

Attachments: FRST.txt, Addition.txt, Search.txt

If someone could help me with what to do next, that would be absolutely wonderful.

Thank you.


Hello CobaltArrow and welcome to Malwarebytes!

I'm D-FRED-BROWN and I'll be helping you. :)

On the clean computer,

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below (to do this, highlight the contents of the box, right-click on it and select Copy).
  • Right-click in the open Notepad window and select Paste.
  • Save it on the flashdrive as fixlist.txt

HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Jenna\AppData\Roaming\skype.dat [156160 2012-07-16] () <==== ATTENTION

2013-06-16 02:12 - 2013-06-16 02:21 - 00000004 ____A C:\Users\Jenna\AppData\Roaming\skype.ini

2013-06-16 02:19 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-16 01:24 - 2012-07-25 03:31 - 00000694 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569561272-1230230878-413452085-1001UA.job

C:\Users\Jenna\AppData\Roaming\skype.dat

C:\Users\Jenna\AppData\Roaming\skype.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options on the infected computer.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply. Afterwards, are you able to boot into Normal Mode now?

Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB

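The fixlist above targets the classic lock-screen persistence: the Winlogon "Shell" value, which should read exactly explorer.exe, has a second program appended after a comma (here a .dat file under the user's AppData), so Winlogon starts the lock screen next to the desktop at every logon. The script below is an added example for this thread, not FRST's or Malwarebytes' code. It parses a Shell value, flags anything beyond explorer.exe (with extra weight for paths in user-writable folders), and on a Windows host reads the live HKCU and HKLM values through winreg; the "thread" sample reproduces the value quoted above, the other samples are constructed.

```python
"""Check a Winlogon "Shell" value for appended loaders.

Added illustration for this thread; not FRST's or Malwarebytes' code.  On a
clean Windows 7 machine the Shell value under
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon is exactly
"explorer.exe" and the HKCU copy is normally absent.  Lock-screen malware of
the kind removed here appends its own program after a comma so that Winlogon
launches it beside the desktop.  The sample values below are constructed; the
"thread" one reproduces the value quoted in the fixlist above.
"""
import ntpath
import re
import sys

WINLOGON_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Locations a standard user can write to.  A shell entry under one of these is
# the strongest signal: no Windows component is ever started from there.
USER_WRITABLE = re.compile(
    r"\\(AppData|ProgramData|Temp|Users\\[^\\]+\\(Downloads|Desktop|Public))\\",
    re.IGNORECASE,
)

SAMPLE_VALUES = {  # constructed for this example
    "clean": "explorer.exe",
    "thread": r"explorer.exe,C:\Users\Jenna\AppData\Roaming\skype.dat",
    "replaced": r"C:\ProgramData\lock.exe",  # hypothetical path
}


def parse_shell_value(value: str) -> list[str]:
    """Split a comma-separated Shell value into its individual entries."""
    return [e.strip().strip('"') for e in value.split(",") if e.strip()]


def assess_shell_value(value: str) -> dict:
    """Return a verdict on one Shell value with the reasons behind it."""
    entries = parse_shell_value(value)
    reasons = []
    if not entries or entries[0].lower() != "explorer.exe":
        reasons.append("explorer.exe is not the first shell entry")
    for entry in entries:
        if entry.lower() == "explorer.exe":
            continue
        name = ntpath.basename(entry).lower()
        if USER_WRITABLE.search(entry):
            reasons.append(f"{entry}: extra shell entry in a user-writable folder")
        elif not name.endswith(".exe"):
            reasons.append(f"{entry}: extra shell entry with non-.exe name {name!r}")
        else:
            reasons.append(f"{entry}: extra shell entry beside explorer.exe")
    return {"value": value, "entries": entries,
            "suspicious": bool(reasons), "reasons": reasons}


def read_live_shell_values() -> dict:
    """On Windows, read the HKCU and HKLM Shell values; elsewhere return {}.

    A missing HKCU value is normal (HKLM then applies), so it is reported as
    None rather than as an error.
    """
    if sys.platform != "win32":
        return {}
    import winreg  # only available on Windows
    found = {}
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER),
                            ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            with winreg.OpenKey(hive, WINLOGON_KEY) as key:
                found[hive_name] = winreg.QueryValueEx(key, "Shell")[0]
        except FileNotFoundError:
            found[hive_name] = None
    return found


if __name__ == "__main__":
    values = read_live_shell_values() or SAMPLE_VALUES
    for label, value in values.items():
        if value is None:
            print(f"{label}: Shell value absent (normal for HKCU)")
            continue
        verdict = assess_shell_value(value)
        flag = "SUSPICIOUS" if verdict["suspicious"] else "ok"
        print(f"{label}: {flag}  {value}")
        for reason in verdict["reasons"]:
            print("   -", reason)
```

Run it without arguments on a non-Windows box and it evaluates the three samples; on Windows it reads the real values instead. An HKCU Shell value that exists at all deserves a look, because per-user overrides of the shell are rare outside kiosk setups, and the same check applies to the Userinit value next to it.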

DFB,

thank you so much for your reply.

I was able to log into Normal Mode, and connected to the Internet successfully.

I have my Fixlog.txt below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013

Ran by SYSTEM at 2013-06-16 11:30:49 Run:1

Running from H:\

Boot Mode: Recovery

==============================================

Error: The HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Jenna\AppData\Roaming\skype.dat [156160 2012-07-16] () <==== ATTENTION entry should be fixed outside recovery mode.

C:\Users\Jenna\AppData\Roaming\skype.ini => Moved successfully.

C:\Windows\Tasks\SA.DAT => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569561272-1230230878-413452085-1001UA.job => Moved successfully.

C:\Users\Jenna\AppData\Roaming\skype.dat => Moved successfully.

C:\Users\Jenna\AppData\Roaming\skype.ini => File/Directory not found.

==== End of Fixlog ====

What can I do to further ensure the virus has been removed?

Also, are there certain programs that you recommend I delete?

Thank you so much for your help, again.

-CobaltArrow

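The Fixlog above shows one item FRST did not process: run from the recovery environment, it does not edit the user's HKCU hive, so the Winlogon Shell entry is reported as "should be fixed outside recovery mode" and left for a later pass (the Anti-Rootkit scan later in this thread still finds that registry value and deletes it). The files named in the fixlist were moved, which is consistent with the lock screen no longer appearing at boot, and skype.ini shows up a second time as "not found" only because the fixlist listed it twice. The script below is an added example, not Farbar's or the forum's code, that sorts a Fixlog into fixed, benign-duplicate, missing and deferred items and lists what still needs attention; the sample log is the one quoted above, embedded so it runs offline.

```python
"""Summarise an FRST Fixlog.txt and list what still needs attention.

Added example, not code from Farbar or Malwarebytes.  FRST writes one line
per fixlist item, "<target> => <result>", and an "Error: ..." line for an
item it could not process in the current boot mode.  SAMPLE_FIXLOG is the
Fixlog posted in this thread, embedded here so the script runs offline.
"""
import re
import sys

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013
Ran by SYSTEM at 2013-06-16 11:30:49 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
Error: The HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\Jenna\AppData\Roaming\skype.dat [156160 2012-07-16] () <==== ATTENTION entry should be fixed outside recovery mode.
C:\Users\Jenna\AppData\Roaming\skype.ini => Moved successfully.
C:\Windows\Tasks\SA.DAT => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569561272-1230230878-413452085-1001UA.job => Moved successfully.
C:\Users\Jenna\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Jenna\AppData\Roaming\skype.ini => File/Directory not found.
==== End of Fixlog ====
"""

RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")
# FRST phrases a deferred registry item as "Error: The <entry> entry should be fixed ...".
DEFERRED_LINE = re.compile(r"^Error: The (?P<entry>.+) entry (?P<reason>should be fixed .+?)\.?$")
BOOT_MODE_LINE = re.compile(r"^Boot Mode: (?P<mode>.+)$")
SUCCESS_WORDS = ("moved successfully", "deleted successfully", "removed successfully")


def parse_fixlog(text: str) -> dict:
    """Group every Fixlog line into fixed / duplicates / not_found / deferred / other."""
    report = {"boot_mode": None, "fixed": [], "duplicates": [], "not_found": [],
              "deferred": [], "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = BOOT_MODE_LINE.match(line)
        if m:
            report["boot_mode"] = m.group("mode")
            continue
        if line.startswith("Error:"):
            m = DEFERRED_LINE.match(line)
            if m:
                report["deferred"].append({"entry": m.group("entry"), "reason": m.group("reason")})
            else:  # any other error text: keep it verbatim for the operator
                report["deferred"].append({"entry": line[len("Error:"):].strip(), "reason": "see message"})
            continue
        m = RESULT_LINE.match(line)
        if not m:
            continue  # header lines such as "Ran by SYSTEM ..." carry no result
        target, result = m.group("target"), m.group("result")
        if result.lower().startswith(SUCCESS_WORDS):
            report["fixed"].append(target)
        elif "not found" in result.lower():
            # The same path listed twice in the fixlist is "not found" the second
            # time because the first line already moved it: benign, not a miss.
            bucket = "duplicates" if target in report["fixed"] else "not_found"
            report[bucket].append(target)
        else:
            report["other"].append((target, result))
    return report


def outstanding(report: dict) -> list[str]:
    """What the operator still has to handle after this run."""
    todo = [f"{d['entry']} -> {d['reason']}" for d in report["deferred"]]
    todo += [f"{t} -> not present on disk; confirm it was not renamed" for t in report["not_found"]]
    return todo


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_FIXLOG
    report = parse_fixlog(text)
    print(f"Boot mode: {report['boot_mode']}")
    print(f"Fixed: {len(report['fixed'])}, benign duplicates: {len(report['duplicates'])}, "
          f"missing: {len(report['not_found'])}, deferred: {len(report['deferred'])}")
    for item in outstanding(report):
        print("TODO:", item)
```

With no argument it summarises the embedded sample; pass a path to a real Fixlog.txt otherwise. A deferred entry with Boot Mode: Recovery means the registry part of the cleanup has not happened yet, and the persistence should be re-checked from Normal or Safe Mode before the machine is declared clean.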

Let's start getting rid of the rest of it:

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)


DFB,

Here are my results.

<Step 1>

The TDSSKiller scan found nothing.

Here is a text document for TDSSKiller:

TDSSKiller.2.8.18.0_16.06.2013_14.01.09_log.txt

<Step 2>

I ran the MalwareBytes Anti-Rootkit twice.

This is the log from the first scan:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.05.07.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16614

Jenna :: JENNASPRECIOUS [administrator]

2013-06-16 오후 2:05:25

mbar-log-2013-06-16 (14-05-25).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 284161

Time elapsed: 11 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Jenna\AppData\Roaming\skype.dat -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

c:\Users\Jenna\Downloads\video_codec.exe (Adware.Bundler) -> Delete on reboot.

c:\a.txt (Worm.Traces) -> Delete on reboot.

Physical Sectors Detected: 0

(No malicious items detected)

(end)

And this is the log from the second scan:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.05.07.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

Jenna :: JENNASPRECIOUS [administrator]

2013-06-16 오후 2:28:39

mbar-log-2013-06-16 (14-28-39).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 284186

Time elapsed: 10 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

This is the system-log.txt:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16614

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 8484352000, free: 4609052672

Initializing...

------------ Kernel report ------------

06/16/2013 14:05:22

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\system32\drivers\iusb3hcs.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\system32\drivers\hpdskflt.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\drivers\EstRtw.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\drivers\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\system32\drivers\iusb3xhc.sys

\SystemRoot\system32\drivers\USBD.SYS

\SystemRoot\system32\drivers\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\Netwsw00.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\drivers\CmBatt.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\drivers\SynTP.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\Smb_driver.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\intelppm.sys

\SystemRoot\system32\DRIVERS\Accelerometer.sys

\SystemRoot\system32\DRIVERS\AMPPAL.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\clwvd.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\iwdbus.sys

\SystemRoot\system32\drivers\hswpan.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\drivers\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\iusb3hub.sys

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WinUSB.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys

\??\C:\Windows\system32\drivers\iPodDrv.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\iBtFltCoex.sys

\SystemRoot\system32\DRIVERS\btmhsf.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btmaux.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007332790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8009637050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007332790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008329b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007332790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008328b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

DevicePointer: 0xfffffa8009637050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 84CA151B

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 407552

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 409600 Numsec = 1418659840

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 1419069440 Numsec = 45867008

Partition 3 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 1464936448 Numsec = 208896

Disk Size: 750156374016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

Done!

Infected: c:\Users\Jenna\Downloads\video_codec.exe --> [Adware.Bundler]

Infected: c:\a.txt --> [Worm.Traces]

Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell --> [Trojan.Agent.RNS]

Scan finished

Creating System Restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 8484352000, free: 5488144384

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 8484352000, free: 5491601408

Initializing...

------------ Kernel report ------------

06/16/2013 14:28:36

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\system32\drivers\iusb3hcs.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\system32\drivers\hpdskflt.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\drivers\EstRtw.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\drivers\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\system32\drivers\iusb3xhc.sys

\SystemRoot\system32\drivers\USBD.SYS

\SystemRoot\system32\drivers\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\Netwsw00.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\drivers\CmBatt.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\drivers\SynTP.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\Smb_driver.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\intelppm.sys

\SystemRoot\system32\DRIVERS\Accelerometer.sys

\SystemRoot\system32\DRIVERS\AMPPAL.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\clwvd.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\iwdbus.sys

\SystemRoot\system32\drivers\hswpan.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\drivers\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\iusb3hub.sys

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\iBtFltCoex.sys

\SystemRoot\system32\DRIVERS\btmhsf.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btmaux.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WinUSB.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys

\??\C:\Windows\system32\drivers\iPodDrv.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80083d8790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80083dc050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80083d8790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800830bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80083d8790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800830ab10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

DevicePointer: 0xfffffa80083dc050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 84CA151B

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 407552

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 409600 Numsec = 1418659840

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 1419069440 Numsec = 45867008

Partition 3 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 1464936448 Numsec = 208896

Disk Size: 750156374016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

<Step 3>

I ran ComboFix.

Here is the ComboFix.txt:

ComboFix 13-06-15.01 - Jenna 2013-06-16 14:47:27.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8091.6121 [GMT -4:00]

Running from: c:\users\Jenna\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 12 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\Jenna\AppData\Local\Temp\_MEI52922\_ctypes.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\_elementtree.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\_hashlib.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\_multiprocessing.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\_socket.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\_ssl.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\pyexpat.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\pysqlite2._sqlite.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\python27.dll

c:\users\Jenna\AppData\Local\Temp\_MEI52922\pythoncom27.dll

c:\users\Jenna\AppData\Local\Temp\_MEI52922\PyWinTypes27.dll

c:\users\Jenna\AppData\Local\Temp\_MEI52922\select.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\unicodedata.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32api.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32com.shell.shell.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32crypt.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32event.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32file.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32inet.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32pdh.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32process.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32profile.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32security.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\win32ts.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\windows._cacheinvalidation.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._controls_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._core_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._gdi_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._html2.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._misc_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._windows_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wx._wizard.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wxbase294u_net_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wxbase294u_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wxmsw294u_adv_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wxmsw294u_core_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wxmsw294u_html_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI52922\wxmsw294u_webview_vc90.dll

c:\users\Jenna\Documents\~WRL3592.tmp

.

.

((((((((((((((((((((((((( Files Created from 2013-05-16 to 2013-06-16 )))))))))))))))))))))))))))))))

.

.

2013-06-16 18:05 . 2013-06-16 18:05 -------- d-----w- c:\programdata\Malwarebytes

2013-06-16 06:50 . 2013-06-16 06:50 -------- d-----w- C:\FRST

2013-06-16 05:16 . 2013-06-16 05:19 -------- d-----w- c:\users\Jenna\AppData\Local\Turbine

2013-06-16 05:16 . 2013-06-16 05:18 -------- d-----w- c:\users\Jenna\AppData\Local\ApplicationHistory

2013-06-16 05:14 . 2013-06-16 05:14 -------- d-----w- c:\windows\SysWow64\URTTEMP

2013-06-16 05:11 . 2013-06-16 05:11 -------- d-----w- c:\programdata\Turbine

2013-06-16 05:10 . 2013-06-16 05:18 -------- d-----w- c:\programdata\HappyCloud

2013-06-15 04:46 . 2013-06-15 04:46 -------- d-----w- c:\programdata\TamoSoft

2013-06-15 04:46 . 2013-06-15 04:46 -------- d-----w- c:\program files (x86)\CommViewWiFi

2013-06-14 22:31 . 2013-06-14 22:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2013-06-14 22:31 . 2013-06-14 22:41 -------- d-----w- c:\users\Jenna\AppData\Roaming\DAEMON Tools Lite

2013-06-14 22:31 . 2013-06-14 22:31 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2013-06-14 21:40 . 2013-06-14 21:42 -------- d-----w- c:\programdata\DAEMON Tools Lite

2013-06-14 18:39 . 2013-06-14 18:39 -------- d-----w- c:\program files\7-Zip

2013-06-14 15:39 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E17760D9-41BB-4ED1-9B79-9B18D379002F}\mpengine.dll

2013-06-12 15:13 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-10 19:47 . 2013-06-10 19:47 -------- d-----w- c:\users\Jenna\I love David Tennant

2013-06-10 19:44 . 2013-06-10 19:44 -------- d-----w- c:\users\Jenna\Teeny

2013-06-10 19:43 . 2013-06-10 19:43 -------- d-----w- c:\users\Jenna\animal

2013-06-10 19:31 . 2013-06-16 17:10 -------- d-----w- c:\users\Jenna\temp

2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\users\Jenna\AppData\Local\ISolo

2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\programdata\ISolo

2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\program files (x86)\Lingual Media Player

2013-06-04 05:02 . 2013-06-04 05:02 -------- d-----w- c:\program files\Motorola Inc

2013-05-24 00:15 . 2013-05-24 00:15 -------- d-----w- c:\users\Jenna\AppData\Roaming\NVIDIA

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2013-05-20 03:06 . 2013-05-20 03:07 -------- d-----w- c:\program files (x86)\QuickTime

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-31 05:26 . 2012-07-25 22:44 262936 ----a-w- c:\windows\system32\drivers\EstRtw.sys

2013-05-13 02:41 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-09 22:57 . 2012-12-25 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 14:32 . 2013-05-01 14:32 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-05-01 14:32 . 2013-05-01 14:32 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-05-01 14:32 . 2013-05-01 14:32 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-05-01 14:32 . 2013-05-01 14:32 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-01 14:32 . 2013-05-01 14:32 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-05-01 14:32 . 2013-05-01 14:32 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-05-01 14:32 . 2013-05-01 14:32 81408 ----a-w- c:\windows\system32\icardie.dll

2013-05-01 14:32 . 2013-05-01 14:32 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-05-01 14:32 . 2013-05-01 14:32 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-05-01 14:32 . 2013-05-01 14:32 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-05-01 14:32 . 2013-05-01 14:32 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-05-01 14:32 . 2013-05-01 14:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-05-01 14:32 . 2013-05-01 14:32 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-05-01 14:32 . 2013-05-01 14:32 441856 ----a-w- c:\windows\system32\html.iec

2013-05-01 14:32 . 2013-05-01 14:32 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-05-01 14:32 . 2013-05-01 14:32 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-05-01 14:32 . 2013-05-01 14:32 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-05-01 14:32 . 2013-05-01 14:32 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-05-01 14:32 . 2013-05-01 14:32 235008 ----a-w- c:\windows\system32\url.dll

2013-05-01 14:32 . 2013-05-01 14:32 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-05-01 14:32 . 2013-05-01 14:32 216064 ----a-w- c:\windows\system32\msls31.dll

2013-05-01 14:32 . 2013-05-01 14:32 197120 ----a-w- c:\windows\system32\msrating.dll

2013-05-01 14:32 . 2013-05-01 14:32 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-01 14:32 . 2013-05-01 14:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-05-01 14:32 . 2013-05-01 14:32 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-05-01 14:32 . 2013-05-01 14:32 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-05-01 14:32 . 2013-05-01 14:32 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-05-01 14:32 . 2013-05-01 14:32 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-05-01 14:32 . 2013-05-01 14:32 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-05-01 14:32 . 2013-05-01 14:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-05-01 14:32 . 2013-05-01 14:32 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-05-01 14:32 . 2013-05-01 14:32 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-05-01 14:32 . 2013-05-01 14:32 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-05-01 14:32 . 2013-05-01 14:32 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-05-01 14:32 . 2013-05-01 14:32 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-05-01 14:32 . 2013-05-01 14:32 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-05-01 14:32 . 2013-05-01 14:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-05-01 14:32 . 2013-05-01 14:32 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-05-01 14:32 . 2013-05-01 14:32 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-05-01 14:32 . 2013-05-01 14:32 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-05-01 14:32 . 2013-05-01 14:32 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-01 14:32 . 2013-05-01 14:32 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-05-01 14:32 . 2013-05-01 14:32 149504 ----a-w- c:\windows\system32\occache.dll

2013-05-01 14:32 . 2013-05-01 14:32 144896 ----a-w- c:\windows\system32\wextract.exe

2013-05-01 14:32 . 2013-05-01 14:32 13824 ----a-w- c:\windows\system32\mshta.exe

2013-05-01 14:32 . 2013-05-01 14:32 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-05-01 14:32 . 2013-05-01 14:32 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-05-01 14:32 . 2013-05-01 14:32 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-05-01 14:32 . 2013-05-01 14:32 102912 ----a-w- c:\windows\system32\inseng.dll

2013-04-13 05:49 . 2013-05-15 17:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 17:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 17:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 17:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 17:39 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 17:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 20:04 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 05:24 . 2013-05-15 17:39 983912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 05:24 . 2013-05-15 17:39 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 03:30 . 2013-05-15 17:39 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-03-19 06:04 . 2013-04-10 14:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:53 . 2013-05-15 17:39 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-03-19 05:53 . 2013-05-15 17:39 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-03-19 05:46 . 2013-04-10 14:33 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 14:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 14:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 14:33 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 14:33 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]

"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-10-11 1979]

"Spotify Web Helper"="c:\users\Jenna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-12 1105408]

"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-04-08 4288048]

"Spotify"="c:\users\Jenna\AppData\Roaming\Spotify\spotify.exe" [2013-05-12 4573184]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-07-27 75048]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-10-11 1979]

.

c:\users\Jenna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jenna\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 29106336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0bootalyac.exe\0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ALYac_UpdSrv]

@="Service"

.

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/26 20:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 EstRtwIFDrv;EstRtwIFDrv;c:\windows\system32\drivers\EstRtw.sys;c:\windows\SYSNATIVE\drivers\EstRtw.sys [x]

S2 ALYac_RTSrv;ALYac RealTime Service;c:\program files\ESTsoft\ALYac\AYRTSrv.aye;c:\program files\ESTsoft\ALYac\AYRTSrv.aye [x]

S2 ALYac_UpdSrv;ALYac Update Service;c:\program files\ESTsoft\ALYac\AYUpdSrv.aye;c:\program files\ESTsoft\ALYac\AYUpdSrv.aye [x]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 hswpan;WPAN Driver;c:\windows\system32\drivers\hswpan.sys;c:\windows\SYSNATIVE\drivers\hswpan.sys [x]

S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - CLKMDRV10_38F51D56

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 21:11]

.

2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 21:11]

.

2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569561272-1230230878-413452085-1001Core.job

- c:\users\Jenna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 07:31]

.

2013-06-13 c:\windows\Tasks\HPCeeScheduleForJenna.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]

.

2013-06-08 c:\windows\Tasks\HPCeeScheduleForJENNASPRECIOUS$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]

"ALYac"="c:\program files\ESTsoft\ALYac\AYLaunch.exe" [2013-05-28 274752]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-27 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-27 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-27 439064]

"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-11 1425408]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.naver.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: fishbattle.net\www

TCP: DhcpNameServer = 192.168.1.1

DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

c:\users\Jenna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_RTSrv]

"ImagePath"="\"c:\program files\ESTsoft\ALYac\AYRTSrv.aye\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_UpdSrv]

"ImagePath"="\"c:\program files\ESTsoft\ALYac\AYUpdSrv.aye\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

c:\program files (x86)\HP SimplePass\IEWebSiteLogon.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2013-06-16 14:56:12 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-16 18:56

.

Pre-Run: 50,510,168,064 bytes free

Post-Run: 50,366,377,984 bytes free

.

- - End Of File - - 457880FEAB2D61821999693ED134AB18

D41D8CD98F00B204E9800998ECF8427E

<Step 4>

Here are the contents of checkup.txt:

Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

??

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

JavaFX 2.0.3

Java 7 Update 9

Java version out of Date!

Adobe Reader 10.1.0 Adobe Reader out of Date!

Google Chrome 27.0.1453.110

Google Chrome 27.0.1453.94

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

My computer seems to be running fine! I did have to reboot after running ComboFix, but otherwise everything is in top shape.

I was wondering, is there any way to know where the virus originated from? I'd like to prevent this from happening again, so I'd like to know if it was from a site I visit regularly, or a program I thought was safe.

Thanks again!

-CobaltArrow


I was wondering, is there any way to know where the virus originated from? I'd like to prevent this from happening again, so I'd like to know if it was from a site I visit regularly, or a program I thought was safe.

It's tough to say, as malware can come from many different sources. As we wrap things up, I'll provide you with some suggestions for security software ;).

----------------

We still have some more cleanup to do:

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

KILLALL::

Driver::

CLKMDRV10_38F51D56

File::

C:\Windows\System32\Drivers\CLKMDRV10_38F51D56.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.


DFB,

Here is ComboFix.txt:

ComboFix 13-06-15.01 - Jenna 2013-06-16 18:16:32.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8091.5735 [GMT -4:00]

Running from: c:\users\Jenna\Desktop\ComboFix.exe

Command switches used :: c:\users\Jenna\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\Drivers\CLKMDRV10_38F51D56.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\nautoup.log

c:\users\Jenna\AppData\Local\Temp\_MEI38282\_ctypes.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\_elementtree.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\_hashlib.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\_multiprocessing.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\_socket.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\_ssl.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\pyexpat.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\pysqlite2._sqlite.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\python27.dll

c:\users\Jenna\AppData\Local\Temp\_MEI38282\pythoncom27.dll

c:\users\Jenna\AppData\Local\Temp\_MEI38282\PyWinTypes27.dll

c:\users\Jenna\AppData\Local\Temp\_MEI38282\select.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\unicodedata.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32api.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32com.shell.shell.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32crypt.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32event.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32file.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32inet.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32pdh.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32process.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32profile.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32security.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\win32ts.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\windows._cacheinvalidation.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._controls_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._core_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._gdi_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._html2.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._misc_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._windows_.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wx._wizard.pyd

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wxbase294u_net_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wxbase294u_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wxmsw294u_adv_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wxmsw294u_core_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wxmsw294u_html_vc90.dll

c:\users\Jenna\AppData\Local\Temp\_MEI38282\wxmsw294u_webview_vc90.dll

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_CLKMDRV10_38F51D56

.

.

((((((((((((((((((((((((( Files Created from 2013-05-16 to 2013-06-16 )))))))))))))))))))))))))))))))

.

.

2013-06-16 22:25 . 2013-06-16 22:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-06-16 18:05 . 2013-06-16 18:05 -------- d-----w- c:\programdata\Malwarebytes

2013-06-16 06:50 . 2013-06-16 06:50 -------- d-----w- C:\FRST

2013-06-16 05:16 . 2013-06-16 05:19 -------- d-----w- c:\users\Jenna\AppData\Local\Turbine

2013-06-16 05:16 . 2013-06-16 05:18 -------- d-----w- c:\users\Jenna\AppData\Local\ApplicationHistory

2013-06-16 05:14 . 2013-06-16 05:14 -------- d-----w- c:\windows\SysWow64\URTTEMP

2013-06-16 05:11 . 2013-06-16 05:11 -------- d-----w- c:\programdata\Turbine

2013-06-16 05:10 . 2013-06-16 05:18 -------- d-----w- c:\programdata\HappyCloud

2013-06-15 04:46 . 2013-06-15 04:46 -------- d-----w- c:\programdata\TamoSoft

2013-06-15 04:46 . 2013-06-15 04:46 -------- d-----w- c:\program files (x86)\CommViewWiFi

2013-06-14 22:31 . 2013-06-14 22:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2013-06-14 22:31 . 2013-06-14 22:41 -------- d-----w- c:\users\Jenna\AppData\Roaming\DAEMON Tools Lite

2013-06-14 22:31 . 2013-06-14 22:31 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2013-06-14 21:40 . 2013-06-14 21:42 -------- d-----w- c:\programdata\DAEMON Tools Lite

2013-06-14 18:39 . 2013-06-14 18:39 -------- d-----w- c:\program files\7-Zip

2013-06-14 15:39 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E17760D9-41BB-4ED1-9B79-9B18D379002F}\mpengine.dll

2013-06-12 15:13 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-10 19:47 . 2013-06-10 19:47 -------- d-----w- c:\users\Jenna\I love David Tennant

2013-06-10 19:44 . 2013-06-10 19:44 -------- d-----w- c:\users\Jenna\Teeny

2013-06-10 19:43 . 2013-06-10 19:43 -------- d-----w- c:\users\Jenna\animal

2013-06-10 19:31 . 2013-06-16 17:10 -------- d-----w- c:\users\Jenna\temp

2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\users\Jenna\AppData\Local\ISolo

2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\programdata\ISolo

2013-06-10 02:40 . 2013-06-10 02:40 -------- d-----w- c:\program files (x86)\Lingual Media Player

2013-06-04 05:02 . 2013-06-04 05:02 -------- d-----w- c:\program files\Motorola Inc

2013-05-24 00:15 . 2013-05-24 00:15 -------- d-----w- c:\users\Jenna\AppData\Roaming\NVIDIA

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2013-05-20 03:07 . 2013-05-20 03:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2013-05-20 03:06 . 2013-05-20 03:07 -------- d-----w- c:\program files (x86)\QuickTime

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-31 05:26 . 2012-07-25 22:44 262936 ----a-w- c:\windows\system32\drivers\EstRtw.sys

2013-05-13 02:41 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-09 22:57 . 2012-12-25 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 14:32 . 2013-05-01 14:32 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-05-01 14:32 . 2013-05-01 14:32 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-05-01 14:32 . 2013-05-01 14:32 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-05-01 14:32 . 2013-05-01 14:32 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-01 14:32 . 2013-05-01 14:32 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-05-01 14:32 . 2013-05-01 14:32 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-05-01 14:32 . 2013-05-01 14:32 81408 ----a-w- c:\windows\system32\icardie.dll

2013-05-01 14:32 . 2013-05-01 14:32 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-05-01 14:32 . 2013-05-01 14:32 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-05-01 14:32 . 2013-05-01 14:32 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-05-01 14:32 . 2013-05-01 14:32 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-05-01 14:32 . 2013-05-01 14:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-05-01 14:32 . 2013-05-01 14:32 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-05-01 14:32 . 2013-05-01 14:32 441856 ----a-w- c:\windows\system32\html.iec

2013-05-01 14:32 . 2013-05-01 14:32 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-05-01 14:32 . 2013-05-01 14:32 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-05-01 14:32 . 2013-05-01 14:32 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-05-01 14:32 . 2013-05-01 14:32 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-05-01 14:32 . 2013-05-01 14:32 235008 ----a-w- c:\windows\system32\url.dll

2013-05-01 14:32 . 2013-05-01 14:32 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-05-01 14:32 . 2013-05-01 14:32 216064 ----a-w- c:\windows\system32\msls31.dll

2013-05-01 14:32 . 2013-05-01 14:32 197120 ----a-w- c:\windows\system32\msrating.dll

2013-05-01 14:32 . 2013-05-01 14:32 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-01 14:32 . 2013-05-01 14:32 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-05-01 14:32 . 2013-05-01 14:32 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-05-01 14:32 . 2013-05-01 14:32 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-05-01 14:32 . 2013-05-01 14:32 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-05-01 14:32 . 2013-05-01 14:32 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-05-01 14:32 . 2013-05-01 14:32 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-05-01 14:32 . 2013-05-01 14:32 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-05-01 14:32 . 2013-05-01 14:32 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-05-01 14:32 . 2013-05-01 14:32 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-05-01 14:32 . 2013-05-01 14:32 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-05-01 14:32 . 2013-05-01 14:32 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-05-01 14:32 . 2013-05-01 14:32 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-05-01 14:32 . 2013-05-01 14:32 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-05-01 14:32 . 2013-05-01 14:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-05-01 14:32 . 2013-05-01 14:32 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-05-01 14:32 . 2013-05-01 14:32 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-05-01 14:32 . 2013-05-01 14:32 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-05-01 14:32 . 2013-05-01 14:32 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-01 14:32 . 2013-05-01 14:32 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-05-01 14:32 . 2013-05-01 14:32 149504 ----a-w- c:\windows\system32\occache.dll

2013-05-01 14:32 . 2013-05-01 14:32 144896 ----a-w- c:\windows\system32\wextract.exe

2013-05-01 14:32 . 2013-05-01 14:32 13824 ----a-w- c:\windows\system32\mshta.exe

2013-05-01 14:32 . 2013-05-01 14:32 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-05-01 14:32 . 2013-05-01 14:32 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-05-01 14:32 . 2013-05-01 14:32 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-05-01 14:32 . 2013-05-01 14:32 102912 ----a-w- c:\windows\system32\inseng.dll

2013-04-13 05:49 . 2013-05-15 17:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 17:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 17:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 17:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 17:39 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 17:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 20:04 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 05:24 . 2013-05-15 17:39 983912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-04-10 05:24 . 2013-05-15 17:39 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-04-10 03:30 . 2013-05-15 17:39 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-03-19 06:04 . 2013-04-10 14:33 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:53 . 2013-05-15 17:39 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-03-19 05:53 . 2013-05-15 17:39 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-03-19 05:46 . 2013-04-10 14:33 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 14:33 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 14:33 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 14:33 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 14:33 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]

"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-10-11 1979]

"Spotify Web Helper"="c:\users\Jenna\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-12 1105408]

"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-04-08 4288048]

"Spotify"="c:\users\Jenna\AppData\Roaming\Spotify\spotify.exe" [2013-05-12 4573184]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-07-27 75048]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-10-11 1979]

.

c:\users\Jenna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jenna\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-3-12 29106336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0bootalyac.exe\0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ALYac_UpdSrv]

@="Service"

.

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/07/26 20:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 EstRtwIFDrv;EstRtwIFDrv;c:\windows\system32\drivers\EstRtw.sys;c:\windows\SYSNATIVE\drivers\EstRtw.sys [x]

S2 ALYac_RTSrv;ALYac RealTime Service;c:\program files\ESTsoft\ALYac\AYRTSrv.aye;c:\program files\ESTsoft\ALYac\AYRTSrv.aye [x]

S2 ALYac_UpdSrv;ALYac Update Service;c:\program files\ESTsoft\ALYac\AYUpdSrv.aye;c:\program files\ESTsoft\ALYac\AYUpdSrv.aye [x]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 hswpan;WPAN Driver;c:\windows\system32\drivers\hswpan.sys;c:\windows\SYSNATIVE\drivers\hswpan.sys [x]

S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - CLKMDRV10_38F51D56

*Deregistered* - CLKMDRV10_38F51D56

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 21:11]

.

2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-06 21:11]

.

2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3569561272-1230230878-413452085-1001Core.job

- c:\users\Jenna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 07:31]

.

2013-06-13 c:\windows\Tasks\HPCeeScheduleForJenna.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]

.

2013-06-08 c:\windows\Tasks\HPCeeScheduleForJENNASPRECIOUS$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jenna\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]

"ALYac"="c:\program files\ESTsoft\ALYac\AYLaunch.exe" [2013-05-28 274752]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-27 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-27 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-27 439064]

"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-11 1425408]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.naver.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: fishbattle.net\www

TCP: DhcpNameServer = 192.168.1.1

DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_RTSrv]

"ImagePath"="\"c:\program files\ESTsoft\ALYac\AYRTSrv.aye\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_UpdSrv]

"ImagePath"="\"c:\program files\ESTsoft\ALYac\AYUpdSrv.aye\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

c:\program files (x86)\HP SimplePass\IEWebSiteLogon.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2013-06-16 18:27:59 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-16 22:27

ComboFix2.txt 2013-06-16 18:56

.

Pre-Run: 50,383,257,600 bytes free

Post-Run: 49,855,545,344 bytes free

.

- - End Of File - - B6ADF76F2CC16ADC1C8A57E03970A1CC

D41D8CD98F00B204E9800998ECF8427E

Everything is still running smoothly. Is there anything else I need to do?

-CobaltArrow


Still not quite clean yet, but we're getting there.

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 5----------------

Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


Here are the files you requested:

(1)AdwCleaner logfile:

# AdwCleaner v2.303 - Logfile created 06/16/2013 at 20:06:14

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Jenna - JENNASPRECIOUS

# Boot Mode : Normal

# Running from : C:\Users\Jenna\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Jenna\AppData\Local\funmoods.crx

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

Folder Found : C:\Users\Jenna\AppData\LocalLow\Download and Sa

Folder Found : C:\Users\Jenna\AppData\Roaming\OpenCandy

Folder Found : C:\Users\Jenna\AppData\Roaming\SendSpace

***** [Registry] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKU\S-1-5-21-3569561272-1230230878-413452085-1001\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Jenna\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4358 octets] - [16/06/2013 20:06:14]

########## EOF - C:\AdwCleaner[R1].txt - [4418 octets] ##########

(2)JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Jenna on 2013-06-16 at 20:10:07.67

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\funmoodssetup_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\funmoodssetup_rasmancs

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C7C622C5-76D3-4E67-AE98-33C1249A0870}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4FD6B3C-9880-46A5-B5D3-12252D97F608}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C7C622C5-76D3-4E67-AE98-33C1249A0870}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

~~~ Files

Successfully deleted: [File] "C:\Users\Jenna\appdata\local\funmoods.crx"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\Users\Jenna\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\Jenna\appdata\locallow\download and sa"

Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{18E99386-118D-41BB-A352-547C5D2F26C3}

Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{2D79D2F3-EF12-4199-AAA1-9D23F856D0EC}

Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{6C0C3410-6596-40A2-B283-72F029BCC583}

Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{8F2C464C-73AC-4826-8A20-83C4DF0D8DFD}

Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{A12ADDFE-8937-4767-A423-B863633BAF2C}

Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{B6682A00-4AA4-47F2-9738-548B98F806BE}

Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{C06F217F-8A58-4E3A-BBEC-67E518FD8FA4}

Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{CC00552D-7DF8-4261-8B46-AC4A89508789}

Successfully deleted: [Empty Folder] C:\Users\Jenna\appdata\local\{CFA5E5FE-F9BF-482D-B348-8CE6D085F3A4}

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 2013-06-16 at 20:13:32.87

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(3) OTL.txt:

OTL.Txt

(4) Extras.txt:

OTL Extras logfile created on: 2013-06-16 오후 8:16:42 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jenna\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000412 | Country: Korea | Language: KOR | Date Format: yyyy-MM-dd

7.90 Gb Total Physical Memory | 3.29 Gb Available Physical Memory | 41.70% Memory free

15.80 Gb Paging File | 11.77 Gb Available in Paging File | 74.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 676.47 Gb Total Space | 44.11 Gb Free Space | 6.52% Space Free | Partition Type: NTFS

Drive D: | 21.87 Gb Total Space | 2.35 Gb Free Space | 10.73% Space Free | Partition Type: NTFS

Drive E: | 43.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JENNASPRECIOUS | User Name: Jenna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{11F66ECF-8ED2-4126-B5C5-785D9F013620}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |

"{49DB290F-B2EF-4AEA-840A-8BEB41373DEF}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |

"{72E8BFD6-162F-46B5-9A09-335AF358FE01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{7CB90C2A-41B0-409A-95C7-474CB84E5B22}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{F262319D-6EED-4EF8-B07A-DA76218DC370}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01AB4771-28F3-43DC-AF29-0A746E151380}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{020DCCC2-BE9E-4A3A-B74B-4D8E870097FE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{039EE011-6339-4F18-9E0C-7EAE3C7B6BA6}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{044BBC09-128D-4B20-B96B-66CC0E237340}" = protocol=6 | dir=in | app=c:\users\jenna\appdata\roaming\spotify\spotify.exe |

"{054273A1-4BF3-4499-A5EC-EBFF7DF40AA7}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |

"{09391AA1-A3A8-4B07-BC07-A17E19CD8128}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{0A2BF906-65A0-4486-966E-4C9623F57A03}" = protocol=6 | dir=in | app=c:\program files\estsoft\alyac\ayupdsrv.aye |

"{195AADCD-6631-42A9-9A63-2979FAF7B22C}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{19D9B6E2-C0CF-4CF0-A4E7-16CF0B1C1CAA}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{21C6171A-E575-4F7E-B258-6B51CC9F6C37}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |

"{2EB86B63-123D-4EF2-AE94-557C0D263DE4}" = protocol=6 | dir=out | app=c:\program files\estsoft\alyac\ayupdsrv.aye |

"{2F5697BC-F0B2-4137-8892-A50016C8F1FF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{36FEF9F1-EDD1-4E81-8F8A-B7E17084F3C7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{3E9CFB17-505B-44B5-8077-EEE518A43133}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{43026BE5-E25A-459E-838B-6613CFE4AA55}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |

"{49158C53-CE7A-4BC7-BCDA-6B3FE48BC626}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |

"{49FE35D0-721A-4CF6-A3FD-555EF6C9ABA6}" = protocol=17 | dir=in | app=c:\users\jenna\appdata\roaming\spotify\spotify.exe |

"{4C366F0F-AF28-41B9-BC20-0169AEC9BBE3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{5BD29BF0-5BB7-4792-A0B8-75167D869A00}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{61F3CC31-333D-4CEC-B893-0568ECFF41F1}" = protocol=6 | dir=in | app=c:\programdata\turbine\ddo unlimited\turbinelauncher.exe |

"{6389954B-4C6D-4BFA-B9B2-880A599261D0}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe |

"{682A0A0E-EDB7-4057-B306-95ADC5F95203}" = protocol=6 | dir=in | app=c:\programdata\turbine\ddo unlimited\dndclient.exe |

"{6CCDF539-0A29-46A7-B964-96A016B1D925}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |

"{6D4DC974-82DE-4A76-BA59-9AC83A51A16F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{6EB946B9-6BF6-4A31-A674-4C763A2EF28A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{71CAEE67-B916-4A9D-B64D-F573A9340F31}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{72073B48-288E-4290-BDF2-B560266B49A1}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |

"{73FA05E1-24FD-44DC-BD3A-F530236F14F7}" = protocol=6 | dir=in | app=c:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe |

"{7AC406DA-D8DE-481E-B801-F146668D1550}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{88853158-84DD-4D1C-8DD9-13A97751E4F1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |

"{89994881-9748-41EB-ACEC-0BA281026BB7}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |

"{8C905B52-D78B-4FC7-933F-9C9E6C031900}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |

"{8E197721-E2CC-47AA-9899-034388DE22D4}" = protocol=17 | dir=in | app=c:\programdata\turbine\ddo unlimited\turbinelauncher.exe |

"{9198A41C-B43A-4C5E-96DE-B14A01ED42A5}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |

"{91B38960-96C0-4197-86EF-71BE1958373F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{9481C72F-598E-48D0-983D-682E8CA2ADD3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{9CEEFA7B-10EE-4717-93AD-B8B01541B493}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{9D198F19-808B-4168-99A4-BCA65CE78401}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{A03913A4-CC76-4E9F-A293-1ECB18A01856}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe |

"{B2A1571F-5F74-44F0-AC70-94D10CC20017}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

"{B2FF36E8-23C3-4759-9C69-8AEC1BB526EA}" = protocol=17 | dir=in | app=c:\programdata\turbine\ddo unlimited\dndclient.exe |

"{B8B382B4-E44C-4107-8EB6-9CB0978841FF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{C5B6E226-4BEB-469C-AEF7-095F4C7DAD02}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{CD3532CB-9D72-4115-A9A6-0FA7809B03A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{D08363DE-6F0D-4317-B0FE-B357F1AAFA71}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{D3354786-05E6-47FB-9E7E-316E1A3696DC}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |

"{D58D2D07-2D16-482F-BB97-FF076D0FE2A2}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |

"{DAB2C309-56B5-4EF1-A309-96CB7D68BCE3}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |

"{E2F6D605-1408-4AC0-B27D-C8C446D185A4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{E377E9EB-B2F8-403B-86CA-4816BDB0E44E}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |

"{E76AC1C4-26C7-457D-BA32-7851C1DFAD74}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E9732CF3-E4AB-4A43-B5CE-3041D08EA7D5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{E97B5908-E2C6-4E22-A7B9-A10E9DAB08C8}" = protocol=17 | dir=in | app=c:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe |

"{F1C4A0B1-16C3-46E6-9A59-810F84DB338E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FCC7CC99-FE1D-496B-9E21-4C2A50E75072}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

"TCP Query User{1BA7CE96-9EB1-456D-8D18-6076A65D72AF}C:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{1C62F4B8-7F44-44E6-B92E-5180DA82B8A3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{25905235-CD11-46C0-B090-61DBAB8983AA}C:\users\jenna\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jenna\appdata\roaming\spotify\spotify.exe |

"TCP Query User{3B18E13E-E2BF-4BD4-9223-8D46C9B32805}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |

"TCP Query User{50203353-1306-430D-9ECE-7CB56EF9576C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{5ECB41D8-4A3F-4047-B87B-A2A6D17F20AF}C:\program files\backup assistant plus\verizon.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |

"TCP Query User{60FFEF32-B861-4D53-8834-1C45C1144405}C:\program files\backup assistant plus\verizon.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |

"TCP Query User{69BE1033-3C07-42E0-96CE-2E81BCD20E02}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |

"UDP Query User{0B1B539C-1A15-485E-8A2D-11D8C7378C66}C:\program files\backup assistant plus\verizon.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |

"UDP Query User{0D10D31D-8EFD-43EA-BAE0-1AEED9F8FBC6}C:\program files\backup assistant plus\verizon.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |

"UDP Query User{12A85F42-39EA-40F7-B874-2A916675B48D}C:\users\jenna\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jenna\appdata\roaming\spotify\spotify.exe |

"UDP Query User{4B907576-FCEE-4CFC-A8BC-E27FA5F1B1A4}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{5296F48E-DA3E-4F2E-9B0D-EB7D60622CF0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{991F1250-FB29-485B-AF3E-759600B4F641}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |

"UDP Query User{9D591FBF-7EAD-4FD6-8C8F-47420A386119}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |

"UDP Query User{9E29FC71-3AA1-49AB-B0C1-7BCD51F3A554}C:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jenna\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant

"{177F4FEE-E119-4AB7-9B32-ECF6A1D03719}" = HP Deskjet 3520 series Product Improvement Study

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{4169B8AC-D144-4E38-A9CA-637EA44129ED}" = Intel® Wireless Music device driver

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard

"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client

"{64A3A4F4-B792-11D6-A78A-00B0D0170060}" = Java SE Development Kit 7 Update 6 (64-bit)

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.14

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.14

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel® PROSet/Wireless for Bluetooth® + High Speed

"{C5A22A98-AC82-4404-BFB0-1E9F654EB176}" = Motorola Mobile Drivers Installation 6.0.0

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}" = Validity WBF DDK

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E80963EC-EED7-411A-8AC0-149EC57FB0F9}" = HP Deskjet 3520 series Basic Device Software

"{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}" = AuthenTec TrueAPI 64-bit

"{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}" = HP Security Assistant

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"ALYac_is1" = ALYac (알약)

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0981D0B9-4241-4FF1-AD4E-F93D6F677129}_is1" = Lingual Media Player version 1.6.1

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3

"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1ABA2AF6-A2BB-486C-A7CB-FCF34C135D92}" = Cisco AnyConnect VPN Client

"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34C821CA-6B55-44A0-8A9B-2EF471D6019E}" = HP SimplePass

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource

"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3F122044-172F-4DC6-96CA-0DD4300E9CD9}" = HP Documentation

"{402F6F2E-5683-491C-977D-0CA599A07CAF}" = Adobe CS6 Design and Web Premium

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2

"{4F541CF7-7562-4EE1-9CA5-E6D73CCD34D8}" = HP Software Framework

"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch

"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6CEF2BC6-8929-44EE-8360-175513E1A49A}" = Secure Download Manager

"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74A8E1BE-D438-4C35-ABFF-3A1EAF17526E}" = Blio

"{768A6276-5822-489C-8A2B-67190F745655}" = ESU for Microsoft Windows 7 SP1

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel® WiDi

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide

"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}" = HP Deskjet 3520 series Help

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager

"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"ALMind_is1" = ALMind Lite 1.2 (알마인드 Lite 1.2)

"ALUpdate_is1" = ALTools Update (알툴즈 업데이트)

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17

"AutoHotkey" = AutoHotkey 1.0.48.05

"Backup Assistant Plus" = Backup Assistant Plus

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager

"com.adobe.WidgetBrowser" = Adobe Widget Browser

"DAEMON Tools Lite" = DAEMON Tools Lite

"doubleTwist" = doubleTwist

"DtsFilter" = DTS+AC3 Filter

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"GOM Player" = GOM Player

"GomTV Launcher Plugin" = GOMTV Plug-in

"HP Photo Creations" = HP Photo Creations

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"Mabinogi" = Mabinogi

"MapleStory" = MapleStory

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MPEG2코덱(libmpeg2/mad)" = MPEG2 codec (libmpeg2/mad)

"MuseScore" = MuseScore 1.3

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"SumatraPDF" = SumatraPDF

"uTorrent" = µTorrent

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WTA-0b104c12-dbb1-4c79-8b38-6c6e4ce325e3" = Bejeweled 3

"WTA-107fe714-24a7-4fe4-965b-229b8bd24b44" = Final Drive Fury

"WTA-15b06ce9-f456-48f5-a2ef-ba521d3561be" = John Deere Drive Green

"WTA-1995e512-b779-47b5-acb3-d6566b3e6c4a" = Poker Superstars III

"WTA-231000ec-3ac6-4848-9457-07940d093afa" = Torchlight

"WTA-341039b8-b6b3-4bde-96de-32fd1e414649" = RollerCoaster Tycoon 3: Platinum

"WTA-55d63651-5bc9-41f7-bf5d-b79c15cdc5bd" = Zuma's Revenge

"WTA-696100e5-ed64-4699-8835-d937a8d12a46" = Plants vs. Zombies - Game of the Year

"WTA-6c389dfa-f219-4b27-bff4-1a47254cfef1" = Polar Golfer

"WTA-6fe14483-83c6-4c56-8c40-89b0f6532064" = Farmscapes

"WTA-718e4272-b5d5-4463-b3b2-2d3ec6cc951a" = Letters from Nowhere 2

"WTA-8740d9d4-6418-4275-81f2-1458f28145d0" = Jewel Match 3

"WTA-93467d49-48ca-421c-a6db-660a69d19f3f" = Mah Jong Medley

"WTA-97c0eaca-b57a-4537-b4ef-c1bb6bd2c0d9" = The Treasures of Mystery Island: The Ghost Ship

"WTA-9f667811-0732-4527-95f9-64d01ffbd0d2" = Chuzzle Deluxe

"WTA-a9a99d24-ebfb-4ee3-96d0-9d3fb8bdaaa2" = Cradle of Rome 2

"WTA-acb1bb99-4941-412e-bf9e-4fde81dccaa2" = Blackhawk Striker 2

"WTA-acfc8311-629b-4a38-aa0e-c9df138dd60a" = Virtual Villagers 4 - The Tree of Life

"WTA-bf81c8cb-944a-4194-aa55-728f5318c4a4" = Hoyle Card Games

"WTA-c030e614-dbb5-452b-b470-2b9abfaa13d0" = Dora's World Adventure

"WTA-c465c5c9-aee0-4502-8b40-e55867e6ce6a" = Polar Bowler

"WTA-caec18f3-e7ff-4b5d-ae15-78daa661c85a" = Luxor HD

"WTA-dd291106-2fab-4e1b-af65-4e164bc65827" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition

"WTA-e15f4cb9-6c89-4d42-896a-f7c1a31d0723" = Farm Frenzy

"WTA-f005e00f-fec5-436f-b058-2268e4008a5b" = FATE

"WTA-f6c08ff1-4368-4f09-8a4c-4e56944d20f9" = Penguins!

========== HKEY_USERS Uninstall List ==========

========== Last 20 Event Log Errors ==========

< End of report >

(5) ESET scan log:

C:\Users\Jenna\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_8952_267\CRX_INSTALL\50650a2c1b1cf1348799020.js Win32/Adware.MultiPlug.H application

C:\Users\Jenna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\28a560c7-6204f976 Java/Exploit.Agent.OOZ trojan

C:\Users\Jenna\Downloads\GetTest.exe a variant of Win32/Adware.iBryte.G application

C:\Documents and Settings\Jenna\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_8952_267\CRX_INSTALL\50650a2c1b1cf1348799020.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined

C:\Documents and Settings\Jenna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\28a560c7-6204f976 Java/Exploit.Agent.OOZ trojan cleaned by deleting - quarantined

C:\Documents and Settings\Jenna\Downloads\GetTest.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined

C:\FRST\Quarantine\skype.dat a variant of Win32/Kryptik.BDRE trojan cleaned by deleting - quarantined

Everything seems to be running smoothly.


Still have a little more to do, but we're nearly there.

----------Step 1----------------

We need to run an OTL Fix

  • Please reopen OTL (the OTL icon on your desktop).
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    [2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]


  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------

Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------

Please post the OTL and AdwCleaner reports in your next reply. How are things running now?

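The OTL fix in the post above removes per-user InProcServer32 registrations for CLSIDs whose legitimate handlers live under HKLM (shell32.dll, fastprox.dll, wbemess.dll); a DLL registered that way in HKCU is loaded in place of the real handler. As an added example, not code from the thread, from OTL or from Malwarebytes, this PowerShell script audits that pattern on a live system: the two default CLSIDs are the ones the fix targets, and the function names and output fields are my own.

```powershell
# Added example, not code from the thread or OTL: audit per-user COM server
# registrations, the persistence pattern the OTL fix above removes.
# A DLL registered under HKCU\Software\Classes\CLSID\<clsid>\InProcServer32
# shadows the machine-wide HKLM entry, so whichever process instantiates that
# CLSID (Explorer for the shell CLSIDs, WMI clients for fastprox/wbemess)
# loads the per-user DLL instead of the legitimate handler. Run elevated.
param(
    # CLSIDs to check; the defaults are the two the OTL fix targets in HKCU.
    # Pass an empty array to check every CLSID that has a per-user InProcServer32.
    [string[]]$Clsid = @(
        '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
        '{fbeb8a05-beee-4442-804e-409d6c4515e9}'
    )
)

# Registry paths as they appear in the OTL fix: the WOW6432 view lives under
# Software\Classes\Wow6432Node in HKCU but Software\Wow6432Node\Classes in HKLM.
$Views = @{
    '64-bit' = @{ User    = 'HKCU:\Software\Classes\CLSID'
                  Machine = 'HKLM:\Software\Classes\CLSID' }
    '32-bit' = @{ User    = 'HKCU:\Software\Classes\Wow6432Node\CLSID'
                  Machine = 'HKLM:\Software\Wow6432Node\Classes\CLSID' }
}

function Get-InProcServerPath {
    # Returns the expanded (default) value of <Base>\<Id>\InProcServer32,
    # or $null when the key or the value is absent.
    param([string]$Base, [string]$Id)
    $key = Join-Path $Base "$Id\InProcServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ([string]::IsNullOrWhiteSpace($raw)) { return $null }
    [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
}

function Test-ComHijack {
    # Emits one record per (view, CLSID) that has a per-user InProcServer32,
    # comparing it with the machine-wide handler and checking the DLL's signature.
    param([string[]]$Ids)
    foreach ($view in $Views.Keys) {
        $paths   = $Views[$view]
        $targets = $Ids
        if (-not $targets -or $targets.Count -eq 0) {
            # No explicit list: every CLSID with a per-user InProcServer32 key.
            $targets = Get-ChildItem -LiteralPath $paths.User -ErrorAction SilentlyContinue |
                Where-Object { Test-Path -LiteralPath "Registry::$($_.Name)\InProcServer32" } |
                ForEach-Object { $_.PSChildName }
        }
        foreach ($id in $targets) {
            $user    = Get-InProcServerPath -Base $paths.User    -Id $id
            $machine = Get-InProcServerPath -Base $paths.Machine -Id $id
            if (-not $user) { continue }   # nothing per-user, nothing to shadow with

            # Does the per-user handler DLL exist, and who signed it?
            $exists = Test-Path -LiteralPath $user -PathType Leaf
            $signer = 'n/a'
            if ($exists) {
                $sig    = Get-AuthenticodeSignature -FilePath $user
                $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { "$($sig.Status)" }
            }
            $finding = if (-not $machine) { 'per-user server for a CLSID with no machine-wide handler' }
                       elseif ($user -ne $machine) { 'per-user server SHADOWS the machine-wide handler' }
                       else { 'per-user duplicate of the machine-wide handler' }
            [pscustomobject]@{
                View          = $view
                Clsid         = $id
                UserServer    = $user
                MachineServer = $machine
                DllExists     = $exists
                Signer        = $signer
                Finding       = $finding
            }
        }
    }
}

Test-ComHijack -Ids $Clsid | Format-Table -AutoSize -Wrap
```

A clean machine normally produces no rows for shell or WMI CLSIDs; any "SHADOWS" row pointing at a DLL in a user-writable directory, unsigned or missing, is what the OTL fix was written to remove.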

Here is the OTL report:

All processes killed

========== OTL ==========

C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp deleted successfully.

C:\Windows\assembly\Desktop.ini moved successfully.

File C:\Windows\assembly\Desktop.ini not found.

File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.

File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.

File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.

File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.

File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.

Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.

Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.

Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jenna

->Temp folder emptied: 22441122 bytes

->Temporary Internet Files folder emptied: 10546415 bytes

->Java cache emptied: 1040470 bytes

->Google Chrome cache emptied: 194896854 bytes

->Flash cache emptied: 720 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 156061 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287446 bytes

RecycleBin emptied: 7176 bytes

Total Files Cleaned = 259.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jenna

->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Jenna

->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06172013_101407

Files\Folders moved on Reboot...

C:\Users\Jenna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Jenna\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

And here is the AdwCleaner report:

# AdwCleaner v2.303 - Logfile created 06/17/2013 at 10:21:40

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Jenna - JENNASPRECIOUS

# Boot Mode : Normal

# Running from : C:\Users\Jenna\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Jenna\AppData\Roaming\SendSpace

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Jenna\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4467 octets] - [16/06/2013 20:06:14]

AdwCleaner[R2].txt - [4527 octets] - [16/06/2013 20:06:57]

AdwCleaner[s1].txt - [1840 octets] - [17/06/2013 10:21:40]

########## EOF - C:\AdwCleaner[s1].txt - [1900 octets] ##########

Everything is running pretty well; no observable difficulties.


Things look good. Judging by your last few logs, I'd say your system is clean. :)

Before we move on, please take the time to install the following updates. Program updates are a critical part of your computer's safety net, as outdated applications leave you vulnerable to malware.

---------

Upgrade Java : (64 bits)

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement".
  • Click on the link to download Windows Offline Installation 64 bit (jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator".)

---------

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove Programs and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

---------

Please let me know how the updates went, as failed updates may be due to malware.


Glad to hear the updates went successfully!

Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, however, we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:

  • Reopen OTL (the OTL icon on your desktop).
  • Click on CleanUp
  • You will be prompted to reboot your system. Please do so.

-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.

---------------------------------------------------------

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here:

Every little bit helps.

-DFB


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.