still have Smart PC Cleaner after running mbam


Having problems with SmartPCCleaner. I've run Malwarebytes PRO, DDS and ComboFix. Here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by Owner at 19:30:02 on 2013-08-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.5699 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Easy Downloads\easydownloads.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: getsav-in 5.0: {1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102} - 
BHO: Toolbar BHO: {631acb68-57c3-48af-9cc5-fcec0837ffd3} - 
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - 
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Search Assistant BHO: {d5e9b421-c309-41de-9014-800a2adcdeb0} - 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: FilmFanatic: {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [EasyDownloads] "C:\Program Files (x86)\Easy Downloads\easydownloads.exe" -tray
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: chase.com
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{9C676C4F-BE7D-49BD-AD3F-9F80C503B4B2} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{9C676C4F-BE7D-49BD-AD3F-9F80C503B4B2}\C696E6B6379737 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{EAC18A2B-1F4C-4CD1-A7CD-7E6AA9BE100C} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [FilmFanatic Home Page Guard 64 bit] "C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;Hotcore helper;C:\Windows\System32\drivers\hotcore3.sys [2011-8-19 37392]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-7 55856]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-4-3 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-7 203776]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-20 84024]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-20 108088]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-4-3 100712]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-7 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-12 701512]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-7 115216]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-7 317440]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-7-7 406056]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-12 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-7 158976]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-8-3 36680]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-3-18 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-10 23:56:06 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A738F35D-F4D8-41E9-877E-9BEC2201F74C}\offreg.dll
2013-08-10 23:46:14 -------- d-----w- C:\ComboFix
2013-08-06 21:22:20 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A738F35D-F4D8-41E9-877E-9BEC2201F74C}\mpengine.dll
2013-08-06 16:19:53 98816 ----a-w- C:\Windows\sed.exe
2013-08-06 16:19:53 256000 ----a-w- C:\Windows\PEV.exe
2013-08-06 16:19:53 208896 ----a-w- C:\Windows\MBR.exe
2013-08-03 22:25:56 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-03 22:25:41 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-08-01 18:55:47 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-08-01 18:46:45 -------- d-----w- C:\Windows\pss
2013-07-31 15:19:31 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-07-31 15:19:30 52568 ----a-r- C:\Windows\System32\AdobePDF.dll
2013-07-27 19:36:48 -------- d-----w- C:\Users\Owner\AppData\Local\Samsung
2013-07-25 21:33:01 -------- d-----w- C:\ProgramData\KingsIsle Entertainment
2013-07-25 19:36:47 274432 ----a-w- C:\Windows\TLCUninstall.exe
2013-07-25 19:36:47 -------- d-----w- C:\Program Files (x86)\Living Books
2013-07-25 19:36:39 306688 ----a-w- C:\Windows\IsUninst.exe
2013-07-23 22:58:54 -------- d-----w- C:\Windows\Lhsp
2013-07-23 22:56:34 -------- d-----w- C:\ProgramData\The Learning Company
2013-07-23 22:55:31 -------- d-----w- C:\Program Files (x86)\The Learning Company
2013-07-23 22:54:46 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2013-07-23 22:54:46 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2013-07-23 22:54:45 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2013-07-23 22:54:45 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2013-07-23 22:54:45 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2013-07-23 22:54:39 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-07-23 22:54:39 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-07-23 22:54:38 -------- d-----w- C:\Program Files (x86)\NZRVR
2013-07-23 22:54:38 -------- d-----w- C:\Program Files (x86)\Connection Wizard
2013-07-21 23:09:24 -------- d-----w- C:\ProgramData\boost_interprocess
2013-07-21 18:55:23 -------- d-----w- C:\Users\Owner\AppData\Local\FilmFanatic
2013-07-21 15:03:33 -------- d-----w- C:\ProgramData\DriverGenius
2013-07-16 08:01:01 -------- d-----w- C:\Windows\System32\MRT
2013-07-13 00:52:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-07-13 00:51:56 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-13 00:51:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-13 00:51:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-13 00:51:35 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
.
==================== Find3M  ====================
.
2013-06-26 09:49:30 83672 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-06-12 14:39:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:39:08 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
.
============= FINISH: 19:30:09.67 ===============
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 8/14/2011 2:42:55 PM
System Uptime: 8/10/2013 5:07:09 PM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0Y2MRG
Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 2380/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1385 GiB total, 1199.076 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 932 GiB total, 931.393 GiB free.
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 466 GiB total, 175.402 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C309a series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C309a series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
RP174: 7/25/2013 4:32:39 PM - Installed Wizard101
RP175: 7/26/2013 8:04:37 AM - Windows Update
RP176: 7/26/2013 5:59:59 PM - Installed Pirate101
RP177: 7/30/2013 9:05:06 AM - Windows Update
RP178: 8/6/2013 1:13:23 PM - Windows Update
RP179: 8/10/2013 6:46:26 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Activision®
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Connect Add-in
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
AMD APP SDK Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Audible Download Manager
Avanquest Perfect Image 12 
Avira Free Antivirus
Best Buy pc app
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Bonjour
BufferChm
C309a
C309g-m
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Support Center
Dell VideoStage 
Destinations
DeviceDiscovery
DirectX 9 Runtime
DocProc
Driver Genius
Dropbox
DW WLAN Card
EasyDownloads - fastest downloads in two clicks!
Fax
FilmFanatic Firefox Toolbar
FilmFanatic Internet Explorer Toolbar
getsav-in
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5
HP Photosmart Essential 3.5
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel® Rapid Storage Technology
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java 6 Update 24 (64-bit)
Java 6 Update 31
Junk Mail filter update
Kid Pix Deluxe 4
L&H TTS3000 Español
LEGO® Star Wars™: The Complete Saga
Lernout & Hauspie TruVoice American English TTS Engine
Logitech Gaming Software 5.10
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
mPlayer version 1.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Network64
NetZero For Riverdeep
OCR Software by I.R.I.S. 14.0
PhotoShowExpress
Pirate101
PS_AIO_05_C309_Software_Min
PS_AIO_06_C309g-m_SW_Min
Quicken 2011
Quicken 2012
QuickTime
QuickTransfer
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shop for HP Supplies
Skype Toolbars
Skype™ 5.10
Smart PC Cleaner v3.1
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
SPORE™
Status
The Cat in the Hat
THX TruStudio PC
Toolbox
Transformers - Revenge of the Fallen
TrayApp
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wlaiper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0
Wizard101
Yahoo! Detect
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/9/2013 9:14:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/7/2013 3:38:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/7/2013 2:43:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
8/7/2013 10:05:24 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/7/2013 10:04:05 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/6/2013 5:00:17 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 40-B3-95-A9-5F-DB. Network operations on this system may be disrupted as a result.
8/6/2013 4:27:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/6/2013 1:10:15 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
8/6/2013 1:10:15 PM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
8/6/2013 1:10:15 PM, Error: Service Control Manager [7001]  - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
8/6/2013 1:10:15 PM, Error: Service Control Manager [7000]  - The Peer Networking Identity Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/5/2013 8:42:46 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/5/2013 8:42:46 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/10/2013 7:00:29 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/10/2013 6:45:48 PM, Error: Service Control Manager [7034]  - The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
8/10/2013 6:45:48 PM, Error: Service Control Manager [7034]  - The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
8/10/2013 6:42:55 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk7\DR7.
8/10/2013 6:42:52 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{9C676C4F-BE7D-49BD-AD3F-9F80C503B4B2} because another computer on the network has the same name.  The server could not start.
8/10/2013 3:53:54 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/10/2013 3:50:37 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/10/2013 3:50:01 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/10/2013 3:48:28 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/10/2013 3:48:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/10/2013 3:48:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/10/2013 3:48:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/10/2013 3:48:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/10/2013 3:48:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
8/10/2013 3:48:01 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avipbb avkmgr discache spldr UimBus Wanarpv6
.
==== End Of File ===========================
 
 
 
ComboFix 13-08-09.02 - Owner 08/10/2013  18:48:01.4.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.6273 [GMT -5:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 
 
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
 
 
2013-08-11 00:00:21 . 2013-08-11 00:00:21 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
2013-08-11 00:00:21 . 2013-08-11 00:00:21 -------- d-----w- C:\Users\William\AppData\Local\temp
2013-08-11 00:00:21 . 2013-08-11 00:00:21 -------- d-----w- C:\Users\Justin\AppData\Local\temp
2013-08-11 00:00:21 . 2013-08-11 00:00:21 -------- d-----w- C:\Users\Helen\AppData\Local\temp
2013-08-11 00:00:21 . 2013-08-11 00:00:21 -------- d-----w- C:\Users\Elise\AppData\Local\temp
2013-08-11 00:00:21 . 2013-08-11 00:00:21 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-08-11 00:00:21 . 2013-08-11 00:00:21 -------- d-----w- C:\Users\Carole P\AppData\Local\temp
2013-08-11 00:00:21 . 2013-08-11 00:00:21 -------- d-----w- C:\Users\Ashleigh\AppData\Local\temp
2013-08-10 23:56:06 . 2013-08-10 23:56:06 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A738F35D-F4D8-41E9-877E-9BEC2201F74C}\offreg.dll
2013-08-03 22:25:56 . 2013-08-06 21:21:11 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-03 22:25:41 . 2013-08-03 22:25:41 36680 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2013-08-01 18:55:47 . 2013-08-01 18:55:47 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-07-31 15:19:31 . 2009-08-20 04:50:58 24416 ----a-r- C:\Windows\system32\AdobePDFUI.dll
2013-07-31 15:19:30 . 2009-08-20 04:50:52 52568 ----a-r- C:\Windows\system32\AdobePDF.dll
2013-07-27 19:36:48 . 2013-07-27 20:10:24 -------- d-----w- C:\Users\Owner\AppData\Local\Samsung
2013-07-26 22:52:19 . 2013-07-26 22:52:19 -------- d-----w- C:\Users\Justin\AppData\Roaming\Malwarebytes
2013-07-25 21:33:01 . 2013-07-26 23:00:10 -------- d-----w- C:\ProgramData\KingsIsle Entertainment
2013-07-25 19:36:47 . 2013-07-25 19:36:47 -------- d-----w- C:\Program Files (x86)\Living Books
2013-07-25 19:36:47 . 2002-06-13 07:09:12 274432 ----a-w- C:\Windows\TLCUninstall.exe
2013-07-25 19:36:39 . 1998-10-29 21:45:06 306688 ----a-w- C:\Windows\IsUninst.exe
2013-07-23 23:26:25 . 2013-07-23 23:26:25 -------- d-----w- C:\Users\Justin\AppData\Roaming\InstallShield
2013-07-23 22:58:54 . 2013-07-23 22:58:56 -------- d-----w- C:\Windows\Lhsp
2013-07-23 22:58:43 . 2013-07-23 22:58:43 -------- d-----w- C:\ProgramData\QuickTime
2013-07-23 22:56:34 . 2013-07-23 22:56:34 -------- d-----w- C:\ProgramData\The Learning Company
2013-07-23 22:55:31 . 2013-07-23 22:55:31 -------- d-----w- C:\Program Files (x86)\The Learning Company
2013-07-23 22:54:46 . 2004-04-19 04:39:58 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2013-07-23 22:54:46 . 2004-04-19 04:39:28 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2013-07-23 22:54:45 . 2004-04-19 04:42:00 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2013-07-23 22:54:45 . 2004-04-19 04:40:42 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2013-07-23 22:54:45 . 2004-04-19 04:39:14 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2013-07-23 22:54:39 . 2013-07-23 22:54:39 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-07-23 22:54:39 . 2013-07-23 22:54:39 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-07-23 22:54:38 . 2013-07-23 22:54:38 -------- d-----w- C:\Program Files (x86)\NZRVR
2013-07-23 22:54:38 . 2013-07-23 22:54:38 -------- d-----w- C:\Program Files (x86)\Connection Wizard
2013-07-21 23:09:24 . 2013-08-06 16:29:31 -------- d-----w- C:\ProgramData\boost_interprocess
2013-07-21 18:55:23 . 2013-07-21 18:55:23 -------- d-----w- C:\Users\Owner\AppData\Local\FilmFanatic
2013-07-21 15:03:33 . 2013-07-23 23:24:36 -------- d-----w- C:\ProgramData\DriverGenius
2013-07-21 14:28:05 . 2013-07-21 14:28:05 -------- d-----w- C:\ProgramData\Yahoo!
2013-07-16 08:01:01 . 2013-07-16 08:03:21 -------- d-----w- C:\Windows\system32\MRT
2013-07-13 00:52:19 . 2013-07-13 00:52:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-07-13 00:51:56 . 2013-07-13 00:51:56 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-13 00:51:55 . 2013-08-09 21:52:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-13 00:51:55 . 2013-04-04 19:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-07-13 00:51:35 . 2013-07-13 00:51:35 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2013-06-26 09:49:30 . 2013-05-07 20:39:25 83672 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
2013-06-24 05:57:12 . 2011-08-14 21:43:56 78277128 ----a-w- C:\Windows\system32\MRT.exe
2013-06-22 08:02:26 . 2013-06-22 08:02:26 73728 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-06-22 08:02:26 . 2013-06-22 08:02:26 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2013-06-22 08:02:26 . 2013-06-22 08:02:26 61952 ----a-w- C:\Windows\SysWow64\tdc.ocx
2013-06-22 08:02:26 . 2013-06-22 08:02:26 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-06-22 08:02:26 . 2013-06-22 08:02:26 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2013-06-22 08:02:26 . 2013-06-22 08:02:26 38400 ----a-w- C:\Windows\SysWow64\imgutil.dll
2013-06-22 08:02:26 . 2013-06-22 08:02:26 361984 ----a-w- C:\Windows\SysWow64\html.iec
2013-06-22 08:02:26 . 2013-06-22 08:02:26 23040 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-06-22 08:02:26 . 2013-06-22 08:02:26 226304 ----a-w- C:\Windows\system32\elshyph.dll
2013-06-22 08:02:26 . 2013-06-22 08:02:26 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-06-22 08:02:26 . 2013-06-22 08:02:26 158720 ----a-w- C:\Windows\SysWow64\msls31.dll
2013-06-22 08:02:26 . 2013-06-22 08:02:26 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2013-06-22 08:02:26 . 2013-06-22 08:02:26 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-06-22 08:02:26 . 2013-06-22 08:02:26 138752 ----a-w- C:\Windows\SysWow64\wextract.exe
2013-06-22 08:02:26 . 2013-06-22 08:02:26 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-06-22 08:02:26 . 2013-06-22 08:02:26 12800 ----a-w- C:\Windows\SysWow64\mshta.exe
2013-06-22 08:02:26 . 2013-06-22 08:02:26 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2013-06-22 08:02:26 . 2013-06-22 08:02:26 1054720 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-22 08:02:25 . 2013-06-22 08:02:25 97280 ----a-w- C:\Windows\system32\mshtmled.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 92160 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2013-06-22 08:02:25 . 2013-06-22 08:02:25 905728 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 81408 ----a-w- C:\Windows\system32\icardie.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 77312 ----a-w- C:\Windows\system32\tdc.ocx
2013-06-22 08:02:25 . 2013-06-22 08:02:25 762368 ----a-w- C:\Windows\system32\ieapfltr.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 62976 ----a-w- C:\Windows\system32\pngfilt.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 599552 ----a-w- C:\Windows\system32\vbscript.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 51200 ----a-w- C:\Windows\system32\imgutil.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 452096 ----a-w- C:\Windows\system32\dxtmsft.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 441856 ----a-w- C:\Windows\system32\html.iec
2013-06-22 08:02:25 . 2013-06-22 08:02:25 281600 ----a-w- C:\Windows\system32\dxtrans.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 27648 ----a-w- C:\Windows\system32\licmgr10.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 270848 ----a-w- C:\Windows\system32\iedkcs32.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 247296 ----a-w- C:\Windows\system32\webcheck.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 235008 ----a-w- C:\Windows\system32\url.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 216064 ----a-w- C:\Windows\system32\msls31.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 197120 ----a-w- C:\Windows\system32\msrating.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 173568 ----a-w- C:\Windows\system32\ieUnatt.exe
2013-06-22 08:02:25 . 2013-06-22 08:02:25 167424 ----a-w- C:\Windows\system32\iexpress.exe
2013-06-22 08:02:25 . 2013-06-22 08:02:25 1509376 ----a-w- C:\Windows\system32\inetcpl.cpl
2013-06-22 08:02:25 . 2013-06-22 08:02:25 149504 ----a-w- C:\Windows\system32\occache.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 144896 ----a-w- C:\Windows\system32\wextract.exe
2013-06-22 08:02:25 . 2013-06-22 08:02:25 1400416 ----a-w- C:\Windows\system32\ieapfltr.dat
2013-06-22 08:02:25 . 2013-06-22 08:02:25 13824 ----a-w- C:\Windows\system32\mshta.exe
2013-06-22 08:02:25 . 2013-06-22 08:02:25 136192 ----a-w- C:\Windows\system32\iepeers.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 135680 ----a-w- C:\Windows\system32\IEAdvpack.dll
2013-06-22 08:02:25 . 2013-06-22 08:02:25 12800 ----a-w- C:\Windows\system32\msfeedssync.exe
2013-06-22 08:02:25 . 2013-06-22 08:02:25 102912 ----a-w- C:\Windows\system32\inseng.dll
2013-06-12 14:39:08 . 2012-08-21 20:25:30 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-12 14:39:08 . 2011-12-29 23:32:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43:37 . 2013-07-10 08:06:04 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 . 2013-07-10 08:06:05 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 . 2013-07-10 08:06:07 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 . 2013-07-10 08:06:07 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:36 . 2013-07-10 08:06:07 51712 ----a-w- C:\Windows\system32\ie4uinit.exe
2013-06-11 23:26:20 . 2013-07-10 08:06:04 2241024 ----a-w- C:\Windows\system32\wininet.dll
2013-06-11 23:26:13 . 2013-07-10 08:06:05 1365504 ----a-w- C:\Windows\system32\urlmon.dll
2013-06-11 23:25:30 . 2013-07-10 08:06:02 19238912 ----a-w- C:\Windows\system32\mshtml.dll
2013-06-11 23:25:29 . 2013-07-10 08:06:06 603136 ----a-w- C:\Windows\system32\msfeeds.dll
2013-06-11 23:25:16 . 2013-07-10 08:06:06 855552 ----a-w- C:\Windows\system32\jscript.dll
2013-06-11 23:25:16 . 2013-07-10 08:06:05 3958784 ----a-w- C:\Windows\system32\jscript9.dll
2013-06-11 23:25:16 . 2013-07-10 08:06:04 53248 ----a-w- C:\Windows\system32\jsproxy.dll
2013-06-11 23:25:13 . 2013-07-10 08:06:07 67072 ----a-w- C:\Windows\system32\iesetup.dll
2013-06-11 23:25:13 . 2013-07-10 08:06:07 526336 ----a-w- C:\Windows\system32\ieui.dll
2013-06-11 23:25:13 . 2013-07-10 08:06:07 39936 ----a-w- C:\Windows\system32\iernonce.dll
2013-06-11 23:25:13 . 2013-07-10 08:06:07 2648576 ----a-w- C:\Windows\system32\iertutil.dll
2013-06-11 23:25:13 . 2013-07-10 08:06:07 136704 ----a-w- C:\Windows\system32\iesysprep.dll
2013-06-11 23:25:13 . 2013-07-10 08:06:02 15404032 ----a-w- C:\Windows\system32\ieframe.dll
2013-06-11 22:51:45 . 2013-07-10 08:06:07 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 . 2013-07-10 08:06:07 89600 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 . 2013-07-10 08:06:08 2706432 ----a-w- C:\Windows\system32\mshtml.tlb
2013-06-07 02:37:52 . 2013-07-10 08:06:08 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 . 2013-07-10 00:06:51 3153920 ----a-w- C:\Windows\system32\win32k.sys
2013-06-04 06:00:13 . 2013-07-10 00:07:08 624128 ----a-w- C:\Windows\system32\qedit.dll
2013-06-04 04:53:07 . 2013-07-10 00:07:08 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01 . 2013-06-12 13:36:23 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
2013-05-13 05:51:00 . 2013-06-12 13:36:23 1464320 ----a-w- C:\Windows\system32\crypt32.dll
2013-05-13 05:51:00 . 2013-06-12 13:36:23 139776 ----a-w- C:\Windows\system32\cryptnet.dll
2013-05-13 05:50:40 . 2013-06-12 13:36:23 52224 ----a-w- C:\Windows\system32\certenc.dll
2013-05-13 04:45:55 . 2013-06-12 13:36:23 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 . 2013-06-12 13:36:23 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 . 2013-06-12 13:36:23 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 . 2013-06-12 13:36:23 1192448 ----a-w- C:\Windows\system32\certutil.exe
2013-05-13 03:08:10 . 2013-06-12 13:36:23 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 . 2013-06-12 13:36:23 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102}]
C:\Users\Owner\AppData\Local\getsav-in\ie\getsav-in_1374417302.dll [bU]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{631acb68-57c3-48af-9cc5-fcec0837ffd3}]
C:\PROGRA~2\FILMFA~2\bar\1.bin\pabar.dll [bU]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5e9b421-c309-41de-9014-800a2adcdeb0}]
C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll [bU]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0b84b4b4-8af8-4f1f-91fe-074a666f6425}"= "C:\Program Files (x86)\FilmFanatic\bar\1.bin\pabar.dll" [bU]
 
[HKEY_CLASSES_ROOT\clsid\{0b84b4b4-8af8-4f1f-91fe-074a666f6425}]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34:00 130736 ----a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34:00 130736 ----a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34:00 130736 ----a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 23:32:30 283160]
"ShwiconXP9106"="C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 21:26:30 237568]
"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 03:11:22 336384]
"THX Audio Control Panel"="C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 19:13:44 963584]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 06:00:00 90112]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 02:02:24 35736]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 10:33:58 240112]
"Desktop Disc Tool"="C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 15:35:34 514544]
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 23:33:36 150528]
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 19:14:57 44128]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 08:17:22 642664]
"EasyDownloads"="C:\Program Files (x86)\Easy Downloads\easydownloads.exe" [2011-09-02 12:29:58 849944]
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 16:47:12 79192]
"AccuWeatherWidget"="C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 16:30:00 885760]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 02:43:52 59720]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 20:02:04 254696]
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 18:18:46 49208]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-26 09:48:51 345144]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2013-05-01 08:59:04 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 16:56:02 152392]
 
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-21 27995640]
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [2010-10-13 9216]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe;C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe;C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys;C:\Windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 mbamchameleon;mbamchameleon;C:\Windows\system32\drivers\mbamchameleon.sys;C:\Windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys;C:\Windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 hotcore3;Hotcore helper;C:\Windows\system32\DRIVERS\hotcore3.sys;C:\Windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys;C:\Windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys;C:\Windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys;C:\Windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
 
 
--- Other Services/Drivers In Memory ---
 
*NewlyCreated* - MBAMPROTECTOR
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
 
Contents of the 'Scheduled Tasks' folder
 
2013-07-25 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 20:25:31 . 2013-06-12 14:39:09]
 
2013-07-25 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:15:00 . 2011-08-16 01:14:50]
 
2013-07-25 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:15:00 . 2011-08-16 01:14:50]
 
2013-07-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000Core.job
- C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17:37 . 2011-08-15 21:17:36]
 
2013-07-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000UA.job
- C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17:37 . 2011-08-15 21:17:36]
 
2013-07-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007Core.job
- C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 18:10:13 . 2013-05-13 21:33:51]
 
2013-07-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007UA.job
- C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 18:10:13 . 2013-05-13 21:33:51]
 
2013-07-10 C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
- C:\Program Files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44:26 . 2011-07-25 17:44:26]
 
2013-07-25 C:\Windows\Tasks\SystemToolsDailyTest.job
- C:\Program Files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44:26 . 2011-07-25 17:44:26]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34:04 164016 ----a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34:04 164016 ----a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34:04 164016 ----a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34:04 164016 ----a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 02:02:52 10920552]
"RunDLLEntry_THXCfg"="C:\Windows\system32\THXCfg64.dll" [2009-10-15 18:38:42 17920]
"RunDLLEntry_EptMon"="C:\Windows\system32\EptMon64.dll" [2009-10-15 18:32:26 21504]
"Logitech Download Assistant"="C:\Windows\System32\LogiLDA.dll" [2010-11-04 02:50:28 1580368]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 23:18:09 190536]
"DellStage"="C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 16:29:20 2055816]
"FilmFanatic Home Page Guard 64 bit"="C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe" [bU]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: chase.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
 
- - - - ORPHANS REMOVED - - - -
 
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Driver Genius_is1 - C:\Program Files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-getsav-in - C:\Users\Owner\AppData\Local\getsav-in\uninst.exe
AddRemove-Smart PC Cleaner_is1 - C:\Program Files (x86)\Smart PC Cleaner\unins000.exe
AddRemove-{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1 - C:\Program Files (x86)\mPlayer\unins000.exe
 
 

 


Hello SweetMamaBR and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please do not run ComboFix without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Step 1

Please uninstall the following applications:

Coupon Printer for Windows

FilmFanatic Firefox Toolbar

FilmFanatic Internet Explorer Toolbar

getsav-in

Skype Toolbars

Smart PC Cleaner v3.1

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

  • Download RogueKiller to your desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

Thank you Borislav! The following are the requested reports:

BTW: The link you gave for RogueKiller was very difficult to actually find RK itself. Kept being directed to download all kinds of other software instead. Ended up downloading from bleepingcomputer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.2 (08.11.2013:1)
OS: Windows 7 Professional x64
Ran by Owner on Sun 08/11/2013 at 11:01:13.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\cpturlpassthru.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dca-api.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dca-bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{13119113-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33119133-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23119123-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{03119103-0854-469D-807A-171568457991}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\compete
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\compete
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\competeinc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cpturlpassthru.httpmonitor
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cpturlpassthru.httpmonitor.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dcabho.dca
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dcabho.dca.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9FBED72E-700E-4C05-BC79-8BB7A8D054A7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631ACB68-57C3-48AF-9CC5-FCEC0837FFD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\filmfanatic"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\filmfanatic"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\iac"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/11/2013 at 11:04:55.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v2.306 - Logfile created 08/11/2013 at 11:10:38
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Users\Helen\AppData\LocalLow\iac
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.29] : keyword = "babylon.com",
 
File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[s1].txt - [4811 octets] - [11/08/2013 11:10:38]
 
########## EOF - C:\AdwCleaner[s1].txt - [4871 octets] ##########
 
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.10.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Owner :: OWNER-PC [administrator]
 
Protection: Enabled
 
8/11/2013 11:35:27 AM
mbam-log-2013-08-11 (11-35-27).txt
 
Scan type: Custom scan (C:\Users\Owner\Desktop\Smart PC Cleaner.lnk|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 08/11/2013 13:34:37
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:49555;hxxps=127.0.0.1:49555) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007UA.job : C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007Core.job : C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000UA.job : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000Core.job : C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST31500341AS +++++
--- User ---
[MBR] e5e56ac9bcc85cc35daf73fac2d4f0ff
[bSP] abec6d2a009eceb27c16af495df6667e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 1418216 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: ST31500341AS +++++
--- User ---
[MBR] 48592523efd3f55488c298754c0ed825
[bSP] ac35831c41e0aa6377eb22df36c2762a : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: ST31500341AS +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[0]_S_08112013_133437.txt >>
 
 
 
 

I believe this is the log from the quick scan.

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.10.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Owner :: OWNER-PC [administrator]
 
Protection: Enabled
 
8/11/2013 7:10:46 PM
MBAM-log-2013-08-11 (19-17-12).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384091
Time elapsed: 5 minute(s), 9 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Users\Owner\Downloads\7-zip.exe (PUP.Optional.MSILLauncher) -> No action taken.
C:\Users\Owner\Downloads\Setup (1).exe (PUP.Optional.IBryte.A) -> No action taken.
C:\Users\Owner\Downloads\Setup.exe (PUP.Optional.IBryte.A) -> No action taken.
 
(end)

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Ran ComboFix without a hitch.

 

 

ComboFix 13-08-12.01 - Owner 08/12/2013   8:59.5.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.6470 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-12 to 2013-08-12  )))))))))))))))))))))))))))))))
.
.
2013-08-12 14:04 . 2013-08-12 14:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-08-12 14:04 . 2013-08-12 14:04 -------- d-----w- c:\users\William\AppData\Local\temp
2013-08-03 22:25 . 2013-08-06 21:21 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-03 22:25 . 2013-08-03 22:25 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-01 18:55 . 2013-08-01 18:55 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2013-07-31 15:19 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2013-07-31 15:19 . 2009-08-20 04:50 52568 ----a-r- c:\windows\system32\AdobePDF.dll
2013-07-27 19:36 . 2013-07-27 20:10 -------- d-----w- c:\users\Owner\AppData\Local\Samsung
2013-07-26 22:52 . 2013-07-26 22:52 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes
2013-07-25 21:33 . 2013-07-26 23:00 -------- d-----w- c:\programdata\KingsIsle Entertainment
2013-07-25 19:36 . 2013-07-25 19:36 -------- d-----w- c:\program files (x86)\Living Books
2013-07-25 19:36 . 2002-06-13 07:09 274432 ----a-w- c:\windows\TLCUninstall.exe
2013-07-25 19:36 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-07-23 23:26 . 2013-07-23 23:26 -------- d-----w- c:\users\Justin\AppData\Roaming\InstallShield
2013-07-23 22:58 . 2013-07-23 22:58 -------- d-----w- c:\windows\Lhsp
2013-07-23 22:58 . 2013-07-23 22:58 -------- d-----w- c:\programdata\QuickTime
2013-07-23 22:56 . 2013-07-23 22:56 -------- d-----w- c:\programdata\The Learning Company
2013-07-23 22:55 . 2013-07-23 22:55 -------- d-----w- c:\program files (x86)\The Learning Company
2013-07-23 22:54 . 2004-04-19 04:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2013-07-23 22:54 . 2004-04-19 04:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2013-07-23 22:54 . 2004-04-19 04:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2013-07-23 22:54 . 2004-04-19 04:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2013-07-23 22:54 . 2004-04-19 04:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2013-07-23 22:54 . 2013-07-23 22:54 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-07-23 22:54 . 2013-07-23 22:54 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-07-23 22:54 . 2013-07-23 22:54 -------- d-----w- c:\program files (x86)\NZRVR
2013-07-23 22:54 . 2013-07-23 22:54 -------- d-----w- c:\program files (x86)\Connection Wizard
2013-07-21 15:03 . 2013-07-23 23:24 -------- d-----w- c:\programdata\DriverGenius
2013-07-21 14:28 . 2013-07-21 14:28 -------- d-----w- c:\programdata\Yahoo!
2013-07-16 08:01 . 2013-07-16 08:03 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 09:49 . 2013-05-07 20:39 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-24 05:57 . 2011-08-14 21:43 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-22 08:02 . 2013-06-22 08:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-22 08:02 . 2013-06-22 08:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-22 08:02 . 2013-06-22 08:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-22 08:02 . 2013-06-22 08:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-22 08:02 . 2013-06-22 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-22 08:02 . 2013-06-22 08:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-22 08:02 . 2013-06-22 08:02 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-22 08:02 . 2013-06-22 08:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-22 08:02 . 2013-06-22 08:02 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-22 08:02 . 2013-06-22 08:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-22 08:02 . 2013-06-22 08:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-22 08:02 . 2013-06-22 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-22 08:02 . 2013-06-22 08:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-22 08:02 . 2013-06-22 08:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-22 08:02 . 2013-06-22 08:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-22 08:02 . 2013-06-22 08:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-22 08:02 . 2013-06-22 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-22 08:02 . 2013-06-22 08:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-22 08:02 . 2013-06-22 08:02 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-22 08:02 . 2013-06-22 08:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-22 08:02 . 2013-06-22 08:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-22 08:02 . 2013-06-22 08:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-22 08:02 . 2013-06-22 08:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-22 08:02 . 2013-06-22 08:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-22 08:02 . 2013-06-22 08:02 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-22 08:02 . 2013-06-22 08:02 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-22 08:02 . 2013-06-22 08:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-22 08:02 . 2013-06-22 08:02 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-22 08:02 . 2013-06-22 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-22 08:02 . 2013-06-22 08:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-22 08:02 . 2013-06-22 08:02 441856 ----a-w- c:\windows\system32\html.iec
2013-06-22 08:02 . 2013-06-22 08:02 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-22 08:02 . 2013-06-22 08:02 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-22 08:02 . 2013-06-22 08:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-22 08:02 . 2013-06-22 08:02 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-22 08:02 . 2013-06-22 08:02 235008 ----a-w- c:\windows\system32\url.dll
2013-06-22 08:02 . 2013-06-22 08:02 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-22 08:02 . 2013-06-22 08:02 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-22 08:02 . 2013-06-22 08:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-22 08:02 . 2013-06-22 08:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-22 08:02 . 2013-06-22 08:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-22 08:02 . 2013-06-22 08:02 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-22 08:02 . 2013-06-22 08:02 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-22 08:02 . 2013-06-22 08:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-22 08:02 . 2013-06-22 08:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-22 08:02 . 2013-06-22 08:02 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-22 08:02 . 2013-06-22 08:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-22 08:02 . 2013-06-22 08:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-22 08:02 . 2013-06-22 08:02 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-12 14:39 . 2012-08-21 20:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 14:39 . 2011-12-29 23:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43 . 2013-07-10 08:06 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-10 08:06 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-10 08:06 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-10 08:06 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-10 08:06 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-10 08:06 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-10 08:06 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-10 08:06 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-10 08:06 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-10 08:06 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-10 08:06 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-10 08:06 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-10 08:06 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-10 08:06 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-10 08:06 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-10 08:06 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-10 08:06 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-10 08:06 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-10 08:06 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-10 08:06 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-10 08:06 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-10 08:06 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 00:06 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 00:07 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 00:07 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102}]
c:\users\Owner\AppData\Local\getsav-in\ie\getsav-in_1374417302.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5e9b421-c309-41de-9014-800a2adcdeb0}]
c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0b84b4b4-8af8-4f1f-91fe-074a666f6425}"= "c:\program files (x86)\FilmFanatic\bar\1.bin\pabar.dll" [bU]
.
[HKEY_CLASSES_ROOT\clsid\{0b84b4b4-8af8-4f1f-91fe-074a666f6425}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserSafeguard"="c:\program files (x86)\Browsersafeguard\Browsersafeguard.exe" [2013-07-31 528896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-26 345144]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-21 27995640]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [bU]
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 14:39]
.
2013-08-11 c:\windows\Tasks\BrowserSafeguard Update Task.job
- c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-08-11 16:45]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:14]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:14]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007Core.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 21:33]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 21:33]
.
2013-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
2013-07-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"FilmFanatic Home Page Guard 64 bit"="c:\progra~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49173;https=127.0.0.1:49173
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: chase.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Driver Genius_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1 - c:\program files (x86)\mPlayer\unins000.exe
AddRemove-48e4cff94f039634 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-12  09:05:57
ComboFix-quarantined-files.txt  2013-08-12 14:05
ComboFix2.txt  2013-08-07 15:17
ComboFix3.txt  2013-08-06 18:03
ComboFix4.txt  2013-08-06 16:40
.
Pre-Run: 1,285,971,009,536 bytes free
Post-Run: 1,285,417,615,360 bytes free
.
- - End Of File - - E4A3D46EB7D1146E9E82A3F4999EE2D2
D41D8CD98F00B204E9800998ECF8427E

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll

Folder::
c:\users\Owner\AppData\Local\getsav-in

Registry::
[-HKEY_CLASSES_ROOT\clsid\{0b84b4b4-8af8-4f1f-91fe-074a666f6425}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5e9b421-c309-41de-9014-800a2adcdeb0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0b84b4b4-8af8-4f1f-91fe-074a666f6425}"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 13-08-12.01 - Owner 08/12/2013   9:40.6.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.6208 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll"

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-12 to 2013-08-12  )))))))))))))))))))))))))))))))

.

.

2013-08-12 14:43 . 2013-08-12 14:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-08-12 14:43 . 2013-08-12 14:43 -------- d-----w- c:\users\William\AppData\Local\temp

2013-08-03 22:25 . 2013-08-06 21:21 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-08-03 22:25 . 2013-08-03 22:25 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-08-01 18:55 . 2013-08-01 18:55 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics

2013-07-31 15:19 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

2013-07-31 15:19 . 2009-08-20 04:50 52568 ----a-r- c:\windows\system32\AdobePDF.dll

2013-07-27 19:36 . 2013-07-27 20:10 -------- d-----w- c:\users\Owner\AppData\Local\Samsung

2013-07-26 22:52 . 2013-07-26 22:52 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes

2013-07-25 21:33 . 2013-07-26 23:00 -------- d-----w- c:\programdata\KingsIsle Entertainment

2013-07-25 19:36 . 2013-07-25 19:36 -------- d-----w- c:\program files (x86)\Living Books

2013-07-25 19:36 . 2002-06-13 07:09 274432 ----a-w- c:\windows\TLCUninstall.exe

2013-07-25 19:36 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe

2013-07-23 23:26 . 2013-07-23 23:26 -------- d-----w- c:\users\Justin\AppData\Roaming\InstallShield

2013-07-23 22:58 . 2013-07-23 22:58 -------- d-----w- c:\windows\Lhsp

2013-07-23 22:58 . 2013-07-23 22:58 -------- d-----w- c:\programdata\QuickTime

2013-07-23 22:56 . 2013-07-23 22:56 -------- d-----w- c:\programdata\The Learning Company

2013-07-23 22:55 . 2013-07-23 22:55 -------- d-----w- c:\program files (x86)\The Learning Company

2013-07-23 22:54 . 2004-04-19 04:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2013-07-23 22:54 . 2004-04-19 04:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2013-07-23 22:54 . 2004-04-19 04:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2013-07-23 22:54 . 2004-04-19 04:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2013-07-23 22:54 . 2004-04-19 04:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2013-07-23 22:54 . 2013-07-23 22:54 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2013-07-23 22:54 . 2013-07-23 22:54 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2013-07-23 22:54 . 2013-07-23 22:54 -------- d-----w- c:\program files (x86)\NZRVR

2013-07-23 22:54 . 2013-07-23 22:54 -------- d-----w- c:\program files (x86)\Connection Wizard

2013-07-21 15:03 . 2013-07-23 23:24 -------- d-----w- c:\programdata\DriverGenius

2013-07-21 14:28 . 2013-07-21 14:28 -------- d-----w- c:\programdata\Yahoo!

2013-07-16 08:01 . 2013-07-16 08:03 -------- d-----w- c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-26 09:49 . 2013-05-07 20:39 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-06-24 05:57 . 2011-08-14 21:43 78277128 ----a-w- c:\windows\system32\MRT.exe

2013-06-22 08:02 . 2013-06-22 08:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-06-22 08:02 . 2013-06-22 08:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-06-22 08:02 . 2013-06-22 08:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-06-22 08:02 . 2013-06-22 08:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-06-22 08:02 . 2013-06-22 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-06-22 08:02 . 2013-06-22 08:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-06-22 08:02 . 2013-06-22 08:02 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-06-22 08:02 . 2013-06-22 08:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-06-22 08:02 . 2013-06-22 08:02 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-06-22 08:02 . 2013-06-22 08:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-06-22 08:02 . 2013-06-22 08:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-06-22 08:02 . 2013-06-22 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-06-22 08:02 . 2013-06-22 08:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-06-22 08:02 . 2013-06-22 08:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-06-22 08:02 . 2013-06-22 08:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-06-22 08:02 . 2013-06-22 08:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-06-22 08:02 . 2013-06-22 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-06-22 08:02 . 2013-06-22 08:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-06-22 08:02 . 2013-06-22 08:02 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-06-22 08:02 . 2013-06-22 08:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-06-22 08:02 . 2013-06-22 08:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-06-22 08:02 . 2013-06-22 08:02 81408 ----a-w- c:\windows\system32\icardie.dll

2013-06-22 08:02 . 2013-06-22 08:02 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-06-22 08:02 . 2013-06-22 08:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-06-22 08:02 . 2013-06-22 08:02 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-06-22 08:02 . 2013-06-22 08:02 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-06-22 08:02 . 2013-06-22 08:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-06-22 08:02 . 2013-06-22 08:02 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-06-22 08:02 . 2013-06-22 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-06-22 08:02 . 2013-06-22 08:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-06-22 08:02 . 2013-06-22 08:02 441856 ----a-w- c:\windows\system32\html.iec

2013-06-22 08:02 . 2013-06-22 08:02 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-06-22 08:02 . 2013-06-22 08:02 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-06-22 08:02 . 2013-06-22 08:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-06-22 08:02 . 2013-06-22 08:02 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-06-22 08:02 . 2013-06-22 08:02 235008 ----a-w- c:\windows\system32\url.dll

2013-06-22 08:02 . 2013-06-22 08:02 216064 ----a-w- c:\windows\system32\msls31.dll

2013-06-22 08:02 . 2013-06-22 08:02 197120 ----a-w- c:\windows\system32\msrating.dll

2013-06-22 08:02 . 2013-06-22 08:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-06-22 08:02 . 2013-06-22 08:02 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-06-22 08:02 . 2013-06-22 08:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-06-22 08:02 . 2013-06-22 08:02 149504 ----a-w- c:\windows\system32\occache.dll

2013-06-22 08:02 . 2013-06-22 08:02 144896 ----a-w- c:\windows\system32\wextract.exe

2013-06-22 08:02 . 2013-06-22 08:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-06-22 08:02 . 2013-06-22 08:02 13824 ----a-w- c:\windows\system32\mshta.exe

2013-06-22 08:02 . 2013-06-22 08:02 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-06-22 08:02 . 2013-06-22 08:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-06-22 08:02 . 2013-06-22 08:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-06-22 08:02 . 2013-06-22 08:02 102912 ----a-w- c:\windows\system32\inseng.dll

2013-06-12 14:39 . 2012-08-21 20:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-12 14:39 . 2011-12-29 23:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 23:43 . 2013-07-10 08:06 1767936 ----a-w- c:\windows\SysWow64\wininet.dll

2013-06-11 23:43 . 2013-07-10 08:06 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-06-11 23:42 . 2013-07-10 08:06 61440 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-06-11 23:42 . 2013-07-10 08:06 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-06-11 23:26 . 2013-07-10 08:06 51712 ----a-w- c:\windows\system32\ie4uinit.exe

2013-06-11 23:26 . 2013-07-10 08:06 2241024 ----a-w- c:\windows\system32\wininet.dll

2013-06-11 23:26 . 2013-07-10 08:06 1365504 ----a-w- c:\windows\system32\urlmon.dll

2013-06-11 23:25 . 2013-07-10 08:06 19238912 ----a-w- c:\windows\system32\mshtml.dll

2013-06-11 23:25 . 2013-07-10 08:06 603136 ----a-w- c:\windows\system32\msfeeds.dll

2013-06-11 23:25 . 2013-07-10 08:06 855552 ----a-w- c:\windows\system32\jscript.dll

2013-06-11 23:25 . 2013-07-10 08:06 3958784 ----a-w- c:\windows\system32\jscript9.dll

2013-06-11 23:25 . 2013-07-10 08:06 53248 ----a-w- c:\windows\system32\jsproxy.dll

2013-06-11 23:25 . 2013-07-10 08:06 67072 ----a-w- c:\windows\system32\iesetup.dll

2013-06-11 23:25 . 2013-07-10 08:06 526336 ----a-w- c:\windows\system32\ieui.dll

2013-06-11 23:25 . 2013-07-10 08:06 39936 ----a-w- c:\windows\system32\iernonce.dll

2013-06-11 23:25 . 2013-07-10 08:06 2648576 ----a-w- c:\windows\system32\iertutil.dll

2013-06-11 23:25 . 2013-07-10 08:06 136704 ----a-w- c:\windows\system32\iesysprep.dll

2013-06-11 23:25 . 2013-07-10 08:06 15404032 ----a-w- c:\windows\system32\ieframe.dll

2013-06-11 22:51 . 2013-07-10 08:06 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50 . 2013-07-10 08:06 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-06-07 03:22 . 2013-07-10 08:06 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-06-07 02:37 . 2013-07-10 08:06 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-06-05 03:34 . 2013-07-10 00:06 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-10 00:07 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 00:07 509440 ----a-w- c:\windows\SysWow64\qedit.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102}]

c:\users\Owner\AppData\Local\getsav-in\ie\getsav-in_1374417302.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5e9b421-c309-41de-9014-800a2adcdeb0}]

c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BrowserSafeguard"="c:\program files (x86)\Browsersafeguard\Browsersafeguard.exe" [2013-07-31 528896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-26 345144]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-21 27995640]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

start [bU]

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 14:39]

.

2013-08-11 c:\windows\Tasks\BrowserSafeguard Update Task.job

- c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-08-11 16:45]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:14]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:14]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007Core.job

- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 21:33]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007UA.job

- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 21:33]

.

2013-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]

.

2013-07-25 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]

"FilmFanatic Home Page Guard 64 bit"="c:\progra~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>

uInternet Settings,ProxyServer = http=127.0.0.1:49173;https=127.0.0.1:49173

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: chase.com

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Driver Genius_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe

AddRemove-{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1 - c:\program files (x86)\mPlayer\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-12  09:44:53

ComboFix-quarantined-files.txt  2013-08-12 14:44

ComboFix2.txt  2013-08-12 14:05

ComboFix3.txt  2013-08-07 15:17

ComboFix4.txt  2013-08-06 18:03

ComboFix5.txt  2013-08-12 14:39

.

Pre-Run: 1,285,546,602,496 bytes free

Post-Run: 1,285,453,103,104 bytes free

.

- - End Of File - - B2E3EE3D0529961556BD7B03D454A3FD

D41D8CD98F00B204E9800998ECF8427E

ComboFix 13-08-12.01 - Owner 08/12/2013  17:36:14.7.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.6648 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll"

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-12 to 2013-08-12  )))))))))))))))))))))))))))))))

.

.

2013-08-12 22:39 . 2013-08-12 22:39 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-08-12 22:39 . 2013-08-12 22:39 -------- d-----w- c:\users\William\AppData\Local\temp

2013-08-03 22:25 . 2013-08-06 21:21 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-08-03 22:25 . 2013-08-03 22:25 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-08-01 18:55 . 2013-08-01 18:55 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics

2013-07-31 15:19 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

2013-07-31 15:19 . 2009-08-20 04:50 52568 ----a-r- c:\windows\system32\AdobePDF.dll

2013-07-27 19:36 . 2013-07-27 20:10 -------- d-----w- c:\users\Owner\AppData\Local\Samsung

2013-07-26 22:52 . 2013-07-26 22:52 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes

2013-07-25 21:33 . 2013-07-26 23:00 -------- d-----w- c:\programdata\KingsIsle Entertainment

2013-07-25 19:36 . 2013-07-25 19:36 -------- d-----w- c:\program files (x86)\Living Books

2013-07-25 19:36 . 2002-06-13 07:09 274432 ----a-w- c:\windows\TLCUninstall.exe

2013-07-25 19:36 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe

2013-07-23 23:26 . 2013-07-23 23:26 -------- d-----w- c:\users\Justin\AppData\Roaming\InstallShield

2013-07-23 22:58 . 2013-07-23 22:58 -------- d-----w- c:\windows\Lhsp

2013-07-23 22:58 . 2013-07-23 22:58 -------- d-----w- c:\programdata\QuickTime

2013-07-23 22:56 . 2013-07-23 22:56 -------- d-----w- c:\programdata\The Learning Company

2013-07-23 22:55 . 2013-07-23 22:55 -------- d-----w- c:\program files (x86)\The Learning Company

2013-07-23 22:54 . 2004-04-19 04:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2013-07-23 22:54 . 2004-04-19 04:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2013-07-23 22:54 . 2004-04-19 04:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2013-07-23 22:54 . 2004-04-19 04:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2013-07-23 22:54 . 2004-04-19 04:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2013-07-23 22:54 . 2013-07-23 22:54 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2013-07-23 22:54 . 2013-07-23 22:54 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2013-07-23 22:54 . 2013-07-23 22:54 -------- d-----w- c:\program files (x86)\NZRVR

2013-07-23 22:54 . 2013-07-23 22:54 -------- d-----w- c:\program files (x86)\Connection Wizard

2013-07-21 15:03 . 2013-07-23 23:24 -------- d-----w- c:\programdata\DriverGenius

2013-07-21 14:28 . 2013-07-21 14:28 -------- d-----w- c:\programdata\Yahoo!

2013-07-16 08:01 . 2013-07-16 08:03 -------- d-----w- c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-26 09:49 . 2013-05-07 20:39 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2013-06-24 05:57 . 2011-08-14 21:43 78277128 ----a-w- c:\windows\system32\MRT.exe

2013-06-22 08:02 . 2013-06-22 08:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-06-22 08:02 . 2013-06-22 08:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-06-22 08:02 . 2013-06-22 08:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-06-22 08:02 . 2013-06-22 08:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-06-22 08:02 . 2013-06-22 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-06-22 08:02 . 2013-06-22 08:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-06-22 08:02 . 2013-06-22 08:02 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-06-22 08:02 . 2013-06-22 08:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-06-22 08:02 . 2013-06-22 08:02 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-06-22 08:02 . 2013-06-22 08:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-06-22 08:02 . 2013-06-22 08:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-06-22 08:02 . 2013-06-22 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-06-22 08:02 . 2013-06-22 08:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-06-22 08:02 . 2013-06-22 08:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-06-22 08:02 . 2013-06-22 08:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-06-22 08:02 . 2013-06-22 08:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-06-22 08:02 . 2013-06-22 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-06-22 08:02 . 2013-06-22 08:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-06-22 08:02 . 2013-06-22 08:02 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-06-22 08:02 . 2013-06-22 08:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-06-22 08:02 . 2013-06-22 08:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-06-22 08:02 . 2013-06-22 08:02 81408 ----a-w- c:\windows\system32\icardie.dll

2013-06-22 08:02 . 2013-06-22 08:02 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-06-22 08:02 . 2013-06-22 08:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-06-22 08:02 . 2013-06-22 08:02 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-06-22 08:02 . 2013-06-22 08:02 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-06-22 08:02 . 2013-06-22 08:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-06-22 08:02 . 2013-06-22 08:02 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-06-22 08:02 . 2013-06-22 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-06-22 08:02 . 2013-06-22 08:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-06-22 08:02 . 2013-06-22 08:02 441856 ----a-w- c:\windows\system32\html.iec

2013-06-22 08:02 . 2013-06-22 08:02 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-06-22 08:02 . 2013-06-22 08:02 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-06-22 08:02 . 2013-06-22 08:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-06-22 08:02 . 2013-06-22 08:02 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-06-22 08:02 . 2013-06-22 08:02 235008 ----a-w- c:\windows\system32\url.dll

2013-06-22 08:02 . 2013-06-22 08:02 216064 ----a-w- c:\windows\system32\msls31.dll

2013-06-22 08:02 . 2013-06-22 08:02 197120 ----a-w- c:\windows\system32\msrating.dll

2013-06-22 08:02 . 2013-06-22 08:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-06-22 08:02 . 2013-06-22 08:02 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-06-22 08:02 . 2013-06-22 08:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-06-22 08:02 . 2013-06-22 08:02 149504 ----a-w- c:\windows\system32\occache.dll

2013-06-22 08:02 . 2013-06-22 08:02 144896 ----a-w- c:\windows\system32\wextract.exe

2013-06-22 08:02 . 2013-06-22 08:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-06-22 08:02 . 2013-06-22 08:02 13824 ----a-w- c:\windows\system32\mshta.exe

2013-06-22 08:02 . 2013-06-22 08:02 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-06-22 08:02 . 2013-06-22 08:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-06-22 08:02 . 2013-06-22 08:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-06-22 08:02 . 2013-06-22 08:02 102912 ----a-w- c:\windows\system32\inseng.dll

2013-06-12 14:39 . 2012-08-21 20:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-06-12 14:39 . 2011-12-29 23:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 23:43 . 2013-07-10 08:06 1767936 ----a-w- c:\windows\SysWow64\wininet.dll

2013-06-11 23:43 . 2013-07-10 08:06 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-06-11 23:42 . 2013-07-10 08:06 61440 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-06-11 23:42 . 2013-07-10 08:06 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-06-11 23:26 . 2013-07-10 08:06 51712 ----a-w- c:\windows\system32\ie4uinit.exe

2013-06-11 23:26 . 2013-07-10 08:06 2241024 ----a-w- c:\windows\system32\wininet.dll

2013-06-11 23:26 . 2013-07-10 08:06 1365504 ----a-w- c:\windows\system32\urlmon.dll

2013-06-11 23:25 . 2013-07-10 08:06 19238912 ----a-w- c:\windows\system32\mshtml.dll

2013-06-11 23:25 . 2013-07-10 08:06 603136 ----a-w- c:\windows\system32\msfeeds.dll

2013-06-11 23:25 . 2013-07-10 08:06 855552 ----a-w- c:\windows\system32\jscript.dll

2013-06-11 23:25 . 2013-07-10 08:06 3958784 ----a-w- c:\windows\system32\jscript9.dll

2013-06-11 23:25 . 2013-07-10 08:06 53248 ----a-w- c:\windows\system32\jsproxy.dll

2013-06-11 23:25 . 2013-07-10 08:06 67072 ----a-w- c:\windows\system32\iesetup.dll

2013-06-11 23:25 . 2013-07-10 08:06 526336 ----a-w- c:\windows\system32\ieui.dll

2013-06-11 23:25 . 2013-07-10 08:06 39936 ----a-w- c:\windows\system32\iernonce.dll

2013-06-11 23:25 . 2013-07-10 08:06 2648576 ----a-w- c:\windows\system32\iertutil.dll

2013-06-11 23:25 . 2013-07-10 08:06 136704 ----a-w- c:\windows\system32\iesysprep.dll

2013-06-11 23:25 . 2013-07-10 08:06 15404032 ----a-w- c:\windows\system32\ieframe.dll

2013-06-11 22:51 . 2013-07-10 08:06 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50 . 2013-07-10 08:06 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-06-07 03:22 . 2013-07-10 08:06 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-06-07 02:37 . 2013-07-10 08:06 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-06-05 03:34 . 2013-07-10 00:06 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 06:00 . 2013-07-10 00:07 624128 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 04:53 . 2013-07-10 00:07 509440 ----a-w- c:\windows\SysWow64\qedit.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102}]

c:\users\Owner\AppData\Local\getsav-in\ie\getsav-in_1374417302.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5e9b421-c309-41de-9014-800a2adcdeb0}]

c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BrowserSafeguard"="c:\program files (x86)\Browsersafeguard\Browsersafeguard.exe" [2013-07-31 528896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-26 345144]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-21 27995640]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

start [bU]

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 14:39]

.

2013-08-11 c:\windows\Tasks\BrowserSafeguard Update Task.job

- c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-08-11 16:45]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:14]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:14]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007Core.job

- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 21:33]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007UA.job

- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 21:33]

.

2013-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]

.

2013-07-25 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]

"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]

"FilmFanatic Home Page Guard 64 bit"="c:\progra~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <-loopback>

uInternet Settings,ProxyServer = http=127.0.0.1:49173;https=127.0.0.1:49173

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: chase.com

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Driver Genius_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe

AddRemove-{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1 - c:\program files (x86)\mPlayer\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-12  17:40:53

ComboFix-quarantined-files.txt  2013-08-12 22:40

ComboFix2.txt  2013-08-12 14:44

ComboFix3.txt  2013-08-12 14:05

ComboFix4.txt  2013-08-07 15:17

ComboFix5.txt  2013-08-12 22:35

.

Pre-Run: 1,285,497,294,848 bytes free

Post-Run: 1,285,408,358,400 bytes free

.

- - End Of File - - 65AE3D7B6F6975BFBB635F9DB1F76B04

D41D8CD98F00B204E9800998ECF8427E

Found how to keep Avira from keeping CF from registry edit. Here's the log after running it **again**. Hope it helps:

 

 

ComboFix 13-08-12.01 - Owner 08/12/2013  18:58:18.8.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.6265 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll"
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-13 to 2013-08-13  )))))))))))))))))))))))))))))))
.
.
2013-08-13 00:02 . 2013-08-13 00:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-08-13 00:02 . 2013-08-13 00:02 -------- d-----w- c:\users\William\AppData\Local\temp
2013-08-03 22:25 . 2013-08-06 21:21 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-03 22:25 . 2013-08-03 22:25 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-01 18:55 . 2013-08-01 18:55 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2013-07-31 15:19 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2013-07-31 15:19 . 2009-08-20 04:50 52568 ----a-r- c:\windows\system32\AdobePDF.dll
2013-07-27 19:36 . 2013-07-27 20:10 -------- d-----w- c:\users\Owner\AppData\Local\Samsung
2013-07-26 22:52 . 2013-07-26 22:52 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes
2013-07-25 21:33 . 2013-07-26 23:00 -------- d-----w- c:\programdata\KingsIsle Entertainment
2013-07-25 19:36 . 2013-07-25 19:36 -------- d-----w- c:\program files (x86)\Living Books
2013-07-25 19:36 . 2002-06-13 07:09 274432 ----a-w- c:\windows\TLCUninstall.exe
2013-07-25 19:36 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-07-23 23:26 . 2013-07-23 23:26 -------- d-----w- c:\users\Justin\AppData\Roaming\InstallShield
2013-07-23 22:58 . 2013-07-23 22:58 -------- d-----w- c:\windows\Lhsp
2013-07-23 22:58 . 2013-07-23 22:58 -------- d-----w- c:\programdata\QuickTime
2013-07-23 22:56 . 2013-07-23 22:56 -------- d-----w- c:\programdata\The Learning Company
2013-07-23 22:55 . 2013-07-23 22:55 -------- d-----w- c:\program files (x86)\The Learning Company
2013-07-23 22:54 . 2004-04-19 04:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2013-07-23 22:54 . 2004-04-19 04:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2013-07-23 22:54 . 2004-04-19 04:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2013-07-23 22:54 . 2004-04-19 04:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2013-07-23 22:54 . 2004-04-19 04:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2013-07-23 22:54 . 2013-07-23 22:54 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-07-23 22:54 . 2013-07-23 22:54 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-07-23 22:54 . 2013-07-23 22:54 -------- d-----w- c:\program files (x86)\NZRVR
2013-07-23 22:54 . 2013-07-23 22:54 -------- d-----w- c:\program files (x86)\Connection Wizard
2013-07-21 15:03 . 2013-07-23 23:24 -------- d-----w- c:\programdata\DriverGenius
2013-07-21 14:28 . 2013-07-21 14:28 -------- d-----w- c:\programdata\Yahoo!
2013-07-16 08:01 . 2013-07-16 08:03 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 09:49 . 2013-05-07 20:39 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-24 05:57 . 2011-08-14 21:43 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-22 08:02 . 2013-06-22 08:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-22 08:02 . 2013-06-22 08:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-22 08:02 . 2013-06-22 08:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-22 08:02 . 2013-06-22 08:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-22 08:02 . 2013-06-22 08:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-22 08:02 . 2013-06-22 08:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-22 08:02 . 2013-06-22 08:02 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-22 08:02 . 2013-06-22 08:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-22 08:02 . 2013-06-22 08:02 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-22 08:02 . 2013-06-22 08:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-22 08:02 . 2013-06-22 08:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-22 08:02 . 2013-06-22 08:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-22 08:02 . 2013-06-22 08:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-22 08:02 . 2013-06-22 08:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-22 08:02 . 2013-06-22 08:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-22 08:02 . 2013-06-22 08:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-22 08:02 . 2013-06-22 08:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-22 08:02 . 2013-06-22 08:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-22 08:02 . 2013-06-22 08:02 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-22 08:02 . 2013-06-22 08:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-22 08:02 . 2013-06-22 08:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-22 08:02 . 2013-06-22 08:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-22 08:02 . 2013-06-22 08:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-22 08:02 . 2013-06-22 08:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-22 08:02 . 2013-06-22 08:02 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-22 08:02 . 2013-06-22 08:02 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-22 08:02 . 2013-06-22 08:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-22 08:02 . 2013-06-22 08:02 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-22 08:02 . 2013-06-22 08:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-22 08:02 . 2013-06-22 08:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-22 08:02 . 2013-06-22 08:02 441856 ----a-w- c:\windows\system32\html.iec
2013-06-22 08:02 . 2013-06-22 08:02 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-22 08:02 . 2013-06-22 08:02 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-22 08:02 . 2013-06-22 08:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-22 08:02 . 2013-06-22 08:02 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-22 08:02 . 2013-06-22 08:02 235008 ----a-w- c:\windows\system32\url.dll
2013-06-22 08:02 . 2013-06-22 08:02 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-22 08:02 . 2013-06-22 08:02 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-22 08:02 . 2013-06-22 08:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-22 08:02 . 2013-06-22 08:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-22 08:02 . 2013-06-22 08:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-22 08:02 . 2013-06-22 08:02 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-22 08:02 . 2013-06-22 08:02 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-22 08:02 . 2013-06-22 08:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-22 08:02 . 2013-06-22 08:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-22 08:02 . 2013-06-22 08:02 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-22 08:02 . 2013-06-22 08:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-22 08:02 . 2013-06-22 08:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-22 08:02 . 2013-06-22 08:02 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-12 14:39 . 2012-08-21 20:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 14:39 . 2011-12-29 23:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43 . 2013-07-10 08:06 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-10 08:06 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-10 08:06 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-10 08:06 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-10 08:06 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-10 08:06 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-10 08:06 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-10 08:06 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-10 08:06 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-10 08:06 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-10 08:06 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-10 08:06 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-10 08:06 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-10 08:06 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-10 08:06 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-10 08:06 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-10 08:06 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-10 08:06 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-10 08:06 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-10 08:06 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 03:22 . 2013-07-10 08:06 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-07 02:37 . 2013-07-10 08:06 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34 . 2013-07-10 00:06 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 00:07 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 00:07 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102}]
c:\users\Owner\AppData\Local\getsav-in\ie\getsav-in_1374417302.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5e9b421-c309-41de-9014-800a2adcdeb0}]
c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll [bU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserSafeguard"="c:\program files (x86)\Browsersafeguard\Browsersafeguard.exe" [2013-07-31 528896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-26 345144]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-21 27995640]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [bU]
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 14:39]
.
2013-08-11 c:\windows\Tasks\BrowserSafeguard Update Task.job
- c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-08-11 16:45]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:14]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 01:14]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 21:17]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007Core.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 21:33]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007UA.job
- c:\users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-17 21:33]
.
2013-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
2013-07-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"FilmFanatic Home Page Guard 64 bit"="c:\progra~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe" [bU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49173;https=127.0.0.1:49173
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: chase.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Driver Genius_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1 - c:\program files (x86)\mPlayer\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-12  19:03:08
ComboFix-quarantined-files.txt  2013-08-13 00:03
ComboFix2.txt  2013-08-12 22:40
ComboFix3.txt  2013-08-12 14:44
ComboFix4.txt  2013-08-12 14:05
ComboFix5.txt  2013-08-12 23:57
.
Pre-Run: 1,285,260,087,296 bytes free
Post-Run: 1,285,166,919,680 bytes free
.
- - End Of File - - A175F2C6179526FF6A3AA4DE1F41955D
D41D8CD98F00B204E9800998ECF8427E

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL logfile created on: 8/14/2013 9:44:31 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.98 Gb Total Physical Memory | 6.58 Gb Available Physical Memory | 82.49% Memory free

15.96 Gb Paging File | 13.56 Gb Available in Paging File | 84.97% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1384.98 Gb Total Space | 1196.58 Gb Free Space | 86.40% Space Free | Partition Type: NTFS

Drive I: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Drive L: | 465.76 Gb Total Space | 175.40 Gb Free Space | 37.66% Space Free | Partition Type: NTFS

 

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/08/14 09:43:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL (1).exe

PRC - [2013/07/31 17:12:06 | 000,528,896 | ---- | M] (BrowserSafeguard) -- C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe

PRC - [2013/06/26 04:49:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2013/06/26 04:48:51 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2013/06/26 04:48:51 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2013/06/21 18:35:02 | 027,995,640 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2011/05/30 11:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

PRC - [2011/03/14 11:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/10 16:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/07/10 03:38:20 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e937e3331234e8da935e71172e46ba17\IAStorUtil.ni.dll

MOD - [2013/07/10 03:38:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll

MOD - [2013/07/10 03:34:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll

MOD - [2013/07/10 03:33:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll

MOD - [2013/07/10 03:33:42 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll

MOD - [2013/07/10 03:33:34 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll

MOD - [2013/07/10 03:33:31 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll

MOD - [2013/07/10 03:33:29 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll

MOD - [2013/07/10 03:33:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll

MOD - [2013/07/10 03:33:24 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll

MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/05/30 11:30:00 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

MOD - [2011/05/30 11:25:10 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll

MOD - [2011/05/30 11:25:10 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll

MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll

MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/04/19 20:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/06/26 04:49:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013/06/26 04:48:51 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013/06/12 09:39:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/07/07 06:54:41 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)

SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)

SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/03 17:25:41 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/04/03 13:52:33 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2013/04/03 13:52:33 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2013/04/03 13:52:33 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/04/19 20:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/19 19:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/18 01:58:44 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/17 05:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/09/21 22:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/09/14 07:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2010/05/20 18:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/02/11 20:23:06 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)

DRV:64bit: - [2009/02/11 20:22:52 | 000,045,312 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)

DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS448

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49490;https=127.0.0.1:49490

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF - HKLM\Software\MozillaPlugins\@FilmFanatic.com/Plugin: C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/17 14:34:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paffxtbr@FilmFanatic.com: C:\Program Files (x86)\FilmFanatic\bar\1.bin

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/17 14:34:03 | 000,000,000 | ---D | M]

========== Chrome  ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)

CHR - default_search_provider: search_url = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=de8a6ec000000000000068a3c4db608b

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

O1 HOSTS File: ([2013/08/07 10:14:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (getsav-in 5.0) - {1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102} - C:\Users\Owner\AppData\Local\getsav-in\ie\getsav-in_1374417302.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Search Assistant BHO) - {d5e9b421-c309-41de-9014-800a2adcdeb0} - C:\Program Files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll File not found

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()

O4:64bit: - HKLM..\Run: [FilmFanatic Home Page Guard 64 bit] "C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe" File not found

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKCU..\Run: [browserSafeguard] C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (BrowserSafeguard)

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: chase.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C676C4F-BE7D-49BD-AD3F-9F80C503B4B2}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAC18A2B-1F4C-4CD1-A7CD-7E6AA9BE100C}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

 

[2013/08/14 09:42:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL (1).exe

[2013/08/14 05:15:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/08/12 08:55:44 | 005,102,975 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2013/08/11 13:28:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine

[2013/08/11 11:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileOpenerPro

[2013/08/11 11:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard

[2013/08/11 11:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browsersafeguard

[2013/08/11 11:21:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2013/08/11 11:01:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/08/07 10:12:37 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/08/06 11:19:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/08/06 11:19:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/08/06 11:19:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/08/06 10:28:35 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/08/06 10:28:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/08/03 17:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/08/01 14:25:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rkill

[2013/08/01 14:24:52 | 001,847,424 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Owner\Desktop\rkill.com

[2013/08/01 13:55:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics

[2013/08/01 13:46:45 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/07/28 15:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013/07/27 14:36:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Samsung

[2013/07/25 16:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment

[2013/07/25 16:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment

[2013/07/25 14:36:47 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Windows\TLCUninstall.exe

[2013/07/25 14:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Living Books

[2013/07/25 14:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Living Books

[2013/07/23 17:58:54 | 000,000,000 | ---D | C] -- C:\Windows\Lhsp

[2013/07/23 17:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime

[2013/07/23 17:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\The Learning Company

[2013/07/23 17:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Learning Company

[2013/07/23 17:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Learning Company

[2013/07/23 17:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NZRVR

[2013/07/23 17:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connection Wizard

[2013/07/21 10:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius

[2013/07/21 09:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mPlayer

[2013/07/21 09:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner

[2013/07/21 09:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius

[2013/07/21 09:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!

[2013/07/16 03:01:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT

[2012/03/18 12:01:04 | 021,741,656 | ---- | C] (Symantec Corporation                                        ) -- C:\Users\Owner\15.0.0.124b_D20111223T112127-NUesd.exe

 

========== Files - Modified Within 30 Days ==========

 

[2013/08/14 09:43:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL (1).exe

[2013/08/14 09:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/08/12 19:19:16 | 000,026,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/08/12 19:19:16 | 000,026,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/08/12 19:16:03 | 003,438,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/08/12 19:16:03 | 001,062,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/08/12 19:16:03 | 000,006,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/08/12 19:11:32 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys

[2013/08/12 08:55:59 | 005,102,975 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe

[2013/08/11 11:45:36 | 000,000,698 | ---- | M] () -- C:\Windows\tasks\BrowserSafeguard Update Task.job

[2013/08/11 11:15:20 | 000,001,409 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/08/10 19:17:00 | 000,001,469 | ---- | M] () -- C:\Users\Owner\Desktop\iexplore.exe - Shortcut.lnk

[2013/08/09 16:52:10 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/08/07 10:14:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/08/03 17:25:41 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2013/08/01 14:25:05 | 001,847,424 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Owner\Desktop\rkill.com

[2013/07/31 18:42:06 | 000,002,368 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk

[2013/07/28 15:39:36 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/07/25 16:33:01 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Play Wizard101.lnk

[2013/07/25 16:29:47 | 000,423,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/07/25 16:26:29 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/25 16:26:28 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007UA.job

[2013/07/25 16:26:28 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000UA.job

[2013/07/25 16:26:28 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1000Core.job

[2013/07/25 16:26:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/07/25 14:37:07 | 000,000,000 | ---- | M] () -- C:\Windows\SETUP32.INI

[2013/07/25 14:30:09 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/25 10:13:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2013/07/25 10:08:32 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3809346749-867324117-2494245077-1007Core.job

[2013/07/23 17:57:16 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Kid Pix Deluxe 4.lnk

[2013/07/23 17:54:16 | 000,000,027 | ---- | M] () -- C:\KP.cfg

[2013/07/21 09:32:54 | 000,001,209 | ---- | M] () -- C:\Users\Owner\Desktop\Driver Genius.lnk

 

========== Files Created - No Company Name ==========

 

[2013/08/11 11:45:36 | 000,000,698 | ---- | C] () -- C:\Windows\tasks\BrowserSafeguard Update Task.job

[2013/08/11 11:15:20 | 000,001,415 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2013/08/11 11:15:20 | 000,001,409 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/08/10 19:17:00 | 000,001,469 | ---- | C] () -- C:\Users\Owner\Desktop\iexplore.exe - Shortcut.lnk

[2013/08/09 16:52:10 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/08/06 11:19:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/08/06 11:19:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/08/06 11:19:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/08/06 11:19:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/08/06 11:19:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/08/03 17:25:41 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2013/07/28 15:39:36 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/07/25 16:33:01 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Play Wizard101.lnk

[2013/07/25 14:37:07 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI

[2013/07/23 17:57:16 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Kid Pix Deluxe 4.lnk

[2013/07/23 17:54:16 | 000,000,027 | ---- | C] () -- C:\KP.cfg

[2013/07/21 09:32:54 | 000,001,209 | ---- | C] () -- C:\Users\Owner\Desktop\Driver Genius.lnk

[2013/07/12 08:23:52 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp

[2013/07/12 08:23:36 | 000,202,178 | ---- | C] () -- C:\ProgramData\1.jpg

[2012/04/04 14:09:42 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/02/05 19:16:53 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol

[2011/09/06 10:33:59 | 003,414,392 | ---- | C] () -- C:\Users\Owner\NET NANNY USER GUIDE.pdf

[2011/08/17 19:41:46 | 000,005,243 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2011/08/17 14:55:17 | 000,220,631 | ---- | C] () -- C:\Windows\hpoins35.dat

[2011/08/17 14:55:17 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat

[2011/08/17 14:31:45 | 000,208,685 | ---- | C] () -- C:\Windows\hpoins41.dat

[2011/08/17 14:31:45 | 000,001,112 | ---- | C] () -- C:\Windows\hpomdl41.dat

[2011/08/15 21:09:49 | 000,053,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2011/09/03 16:51:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Activision

[2012/02/13 08:21:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blackberry Desktop

[2013/08/14 05:20:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox

[2011/08/14 14:57:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fingertapps

[2011/08/14 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech

[2011/08/17 07:23:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCDr

[2011/09/25 22:30:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion

[2013/07/04 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung

[2013/05/15 11:51:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:07F6D9E4

 

< End of report >

 


The Forum would not let me post in the same message. The following is the Extra:

 

 

 

OTL Extras logfile created on: 8/14/2013 9:44:31 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.98 Gb Total Physical Memory | 6.58 Gb Available Physical Memory | 82.49% Memory free

15.96 Gb Paging File | 13.56 Gb Available in Paging File | 84.97% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1384.98 Gb Total Space | 1196.58 Gb Free Space | 86.40% Space Free | Partition Type: NTFS

Drive I: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Drive L: | 465.76 Gb Total Space | 175.40 Gb Free Space | 37.66% Space Free | Partition Type: NTFS

 

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML.7EN4MNORB2B6Y3ZI3KSMTBZGKM] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D040F61-2592-4C63-9C7E-8BDE717382B2}" = lport=139 | protocol=6 | dir=in | app=system | 

"{0DAC9B7B-0157-41FA-8081-1356FBE40453}" = rport=138 | protocol=17 | dir=out | app=system | 

"{0EBB53A6-FCC8-4B38-B669-AB609095C09E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 

"{146E08DF-D218-483D-860B-4B96FFB44419}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 

"{15578462-58FB-4F4C-A658-2C5C7D132E26}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 

"{1D53262A-3938-47B2-97C3-793B4FDFDBEE}" = lport=137 | protocol=17 | dir=in | app=system | 

"{20683566-71F2-48F3-AB96-1916641D4F20}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{23052586-9D94-4365-9E13-921A2CC8B5B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{3D9BF7AC-5B33-4B51-8C32-041B589B40AF}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{5798F9AD-3807-43B9-859E-ACB262420F02}" = rport=445 | protocol=6 | dir=out | app=system | 

"{593EF1E5-2F60-4676-B21D-79F3D2C9EC5F}" = rport=137 | protocol=17 | dir=out | app=system | 

"{5C2B9082-DB9D-4458-AD86-C2AE185DB8B8}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 

"{5E0B2F0C-770C-46BF-B524-F6D6448156C7}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 

"{7BAC355B-88C5-405B-A983-D7267669FA6A}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 

"{7FC92696-AC0E-4A8B-8CD2-7D6673BB3A9B}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 

"{831715CC-B91C-4F81-AAE3-220E72C16B65}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 

"{93CD20F7-424F-4961-8419-BB59C79085E9}" = rport=139 | protocol=6 | dir=out | app=system | 

"{98801DD0-58B9-4227-BE5C-055DCEF4E073}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 

"{AC32DD64-D7F9-49F7-843E-45C278F1525A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{B24E680B-EFCC-45A1-BEA4-1E9EAFC80EC7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 

"{B375B28F-9DFC-46DA-95F7-0FB36F94D45E}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 

"{C343E161-9B1B-4268-9313-2A0B4AE4CFCF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{C5D94525-42A6-40B1-9ADD-3478F114FEB9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{CEC5A003-8839-4368-B9F1-87CE74A8BFEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D160DE66-B207-4806-A38F-54BE52491F25}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{D65B1D1B-1923-4BBC-A720-AA3CE142D047}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E39BE3C4-4D8D-47BD-93D7-3BB24795FB7D}" = lport=445 | protocol=6 | dir=in | app=system | 

"{E4515EF2-085B-4309-A2B2-8CF35B5B6B65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{EB5580B5-9277-4C7D-86E3-50C7F4A343D3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{EC6C3E41-E7E5-4B15-AFE8-1236FDCB4549}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 

"{EC9BE97D-2C45-4D33-991A-3A47B2F5E64F}" = lport=138 | protocol=17 | dir=in | app=system | 

"{EF12C78D-4F52-448C-B930-5980BA03F479}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{F722CFB3-79EE-463D-A3C0-878894DE584E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F89B46DC-98D5-4BF0-B504-F92BC0F0A92D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{FAA63AC2-3255-4616-B3EA-DE8B15A9B079}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0459066D-85BF-4302-A97B-2D34302904F3}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 

"{082B029B-A938-4D0F-AA4F-8436E69D99F7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 

"{095FB9AC-8253-4A55-9D33-AA16DE98F126}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 

"{160DE31C-20D7-4C39-941E-B53A9B1D2BD0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{20716364-D25A-441A-A927-E0D6D2B4B797}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 

"{29BEA5C6-9296-4507-9810-AA90728AB869}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 

"{2A446300-8AE7-4B99-AD55-557209A2D69A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{2D33520F-2EFC-4A6D-B91D-4DC1DD50F27E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{2F22A1D0-C469-46A4-987B-C9BCA09CEA08}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{2FE5CB57-E8BE-449C-AA9F-68612C19F5C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 

"{3109EB0A-07B3-4D8D-8A2F-7E71A180D6A4}" = dir=in | app=c:\users\owner\appdata\local\temp\7zs3c0f\setup\hpznui40.exe | 

"{32602709-4D8A-491E-8E2A-12510F0C0159}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 

"{3687B62A-B4E9-4CE5-B661-1CF177734542}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3723A7FE-8634-4096-952F-AD98FF0CA181}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{37AFA46E-66B9-46B5-B8C5-94F2D09A8A91}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{39B9808D-CAD2-4DEE-A5F1-C866DFE85460}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 

"{3E72370B-F5B9-4743-AE1D-D6B240D76029}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{3E7DBA3D-B5FF-40A1-BD0E-A112363685EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 

"{3EFB79F2-B9B3-4926-9935-3A2E587412FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{44DDC1C2-9931-4CEA-A4A1-85A4862A2812}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 

"{46C95498-1FEE-47D4-BE10-8E0403C6E51E}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | 

"{491C42CE-500A-4A3B-B02E-C514B1F4649A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{49C98E28-E0F7-41D2-AC41-B7C0A8B490A6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{4A73C33F-E44E-4F6D-A5BB-32640278AC53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 

"{4DAFE675-AD67-41A4-86A7-7B9FF0307EC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{511CDF58-E82F-42A2-BDD1-F5BF4706AAF1}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 

"{5140834A-71EF-412F-B140-CC363FF5E768}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{54095D7D-F1C3-4DFF-811D-5F3DCBF03885}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{542AF533-6780-474E-92D4-25C944B64DDF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{561957BD-0FFF-4AFE-965A-4F5F22AA46D7}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 

"{5763F7EA-3E2D-4C24-82B9-E42F19538492}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe | 

"{5AB80662-4D0F-4D4F-9629-F7D413EE9905}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | 

"{5D6D38A6-6B97-495C-A5A7-86E390D93694}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 

"{65A3C9C4-AB41-48AB-BD39-C4D5EBD6F754}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{6B58BC66-BCDF-4F75-8C5E-CB1DF7D6CB3D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 

"{6E5CEA18-4DBD-4BAD-94BC-EF591868061A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 

"{720EE05E-A9BB-483E-B4DE-736E233854AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 

"{77709408-7A23-42E1-88F0-05E4080F37B0}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | 

"{789CC106-8990-4FBB-AE44-D5623BD623AE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{7B7372E7-EA2A-4852-B12B-872542D5475F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{828DC196-E978-48D7-BB25-BEE93CB136AB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{8A54F983-BB3D-4932-A1DE-60678F9BAEDB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{9AF5A2D9-05E1-46CB-95BC-34CF38CF8D45}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | 

"{9EC15696-7D46-4E8D-ABE1-9400D5910866}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 

"{9EC7CD41-049E-4C23-8A45-F411BEE2D61D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A1E8220F-B19E-41CC-936E-BE73047B28F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{A23534CE-99F7-4915-B22F-A97B69F5675B}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 

"{AA29EBEC-EFEA-40F4-AF55-FB852AE94E89}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 

"{AEAA243D-0F63-46E0-BF41-3F2D70C0DD47}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{B04D8269-E19C-4676-9236-0F92F7E3C3D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{BBDB5B96-592B-4F55-8DDB-7ECFB401265B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\transformers - revenge of the fallen\transformers2.exe | 

"{C3A0179C-C216-4767-991A-3D7BC142FC44}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\transformers - revenge of the fallen\transformers2.exe | 

"{C4358ABD-1BD4-4E7E-BE0B-36E98D942997}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 

"{C516E84C-4BCF-4E87-8899-5FAC36DEFCF0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 

"{C621D4FC-8F11-4B10-9930-E2FDB8858A41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 

"{CC192CB1-DFDE-4958-B8F3-46D8A55A22D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D3188C0A-B4DB-40C3-8516-E56E61780F37}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe | 

"{D64E58DB-2584-4758-B475-EB934818914A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{D6B014FE-BF3D-4BB3-8234-033B040E8FE7}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | 

"{D88EEB79-404B-4FEE-8DDD-91BB50D9CB2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{D8D36CD7-8418-40DD-8D8D-E175AF208F8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{DA18D4FA-2B3C-4203-B192-93E773A4CBC0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{DD3CC2C2-DDC1-4B0F-8289-0B409E9D8073}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{E2EF6D16-9229-4236-9367-015F01E52448}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E746713D-79E9-4E71-BC33-B2E8100286C2}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 

"{E80C6B62-BE55-49F5-B10B-EDF3B99C3F60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{EAB71F5C-8F07-43EE-BE18-908BA901F7AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 

"{EC7A0FFE-24A8-4F1C-85E8-D6765A3C45C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 

"{F5ECF30D-D471-4E9C-81F4-34E73E781EB2}" = protocol=6 | dir=out | app=system | 

"{F809A0A2-0247-423F-B43B-A8A94441B652}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 

"{FF4833AB-C160-431D-804E-997719A931B5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"TCP Query User{4B1E644A-8D41-4343-B38F-9D901FE6DE0F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 

"TCP Query User{5EF777C4-8EBA-4E71-9AB4-5BF143C2B919}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{E4D89567-BD1B-4276-B83C-27916F3314E6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"UDP Query User{0C2634AB-BFC3-4F98-AEE0-87A2DBB4E6C5}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 

"UDP Query User{43C54778-1F96-46B3-B858-A0F546FD8A43}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"UDP Query User{9ACDE36F-0451-4F18-8085-F9657975FB66}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java 6 Update 24 (64-bit)

"{2F2FB795-02E4-C0B7-4C7E-33F5DBBBC299}" = ccc-utility64

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 5

"{72E244E5-ABBF-4905-B29C-4A8BA9190A9C}" = ATI AVIVO64 Codecs

"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}" = HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}" = ATI Catalyst Install Manager

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F8013DD1-574B-4921-A473-88A2F7A34D16}" = Avanquest Perfect Image 12 

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"Dell Support Center" = Dell Support Center

"DW WLAN Card" = DW WLAN Card

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"HPOCR" = OCR Software by I.R.I.S. 14.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Shop for HP Supplies" = Shop for HP Supplies

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08F173A8-AB81-4760-AEB0-CE91F3B05AEF}" = Activision®

"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C39C9B6-2DD9-A78C-DB11-D542912480BE}" = CCC Help Spanish

"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage

"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{16D3E1ED-6F49-CE9E-93C5-0303D0D16196}" = CCC Help Dutch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23F80A0D-95AA-5001-B4C6-A42E4B3D6615}" = CCC Help Greek

"{25B30DCB-97E2-7A3A-F159-D970B73B71A5}" = CCC Help Italian

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26D7162F-9D1B-CA6D-15C3-1114F551F9A6}" = CCC Help Polish

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2BD9E081-9383-1E4B-D33F-6A6D6DCADBCF}" = CCC Help Hungarian

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33E2517D-E262-EA4A-842C-0BE9B1263AC8}" = CCC Help French

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{36ADF0B5-55B8-C2F6-387D-3A6715055B51}" = CCC Help Korean

"{37D4213E-49E9-DCCF-5C64-7E090A456C9A}" = CCC Help Czech

"{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding

"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader

"{44743861-8050-E256-42DE-57DD79BE88FC}" = CCC Help Thai

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5778D89F-205C-6575-1EB8-A9C6BA6C4143}" = CCC Help Swedish

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{59E44523-0F0F-4454-9F37-E951BBA55B84}" = C309a

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter

"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011

"{654AC5F1-A109-6CA6-090E-D848AF7749C4}" = CCC Help Japanese

"{65DB503C-C379-2F23-C24D-232586D0E479}" = CCC Help Chinese Standard

"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6B94DEB7-98DB-1C8D-85D5-A315A2407C3E}" = CCC Help Portuguese

"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter

"{6F73FF67-09CE-F7B6-551D-5A4EA4CAA4CB}" = CCC Help German

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1

"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7D10390B-B895-8DCA-F140-C951B3110731}" = Catalyst Control Center InstallProxy

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81E4A484-448D-4F69-9E48-CD9419D36C72}" = CCC Help Finnish

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{855945E0-69F8-EE59-257E-271AD70EBB18}" = CCC Help Turkish

"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep

"{8B0682D6-D608-2430-F3A8-492C91F4F892}" = Catalyst Control Center Localization All

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage

"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{938D5F72-6759-4C4A-0CF6-203C4C377717}" = CCC Help Chinese Traditional

"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth

"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708

"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI

"{ACCDD881-A880-58EF-D6C8-1B962297C7FA}" = CCC Help Russian

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin

"{B3350D7C-9D1B-44B3-A5A1-EDADC0D66109}" = Kid Pix Deluxe 4

"{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1" = mPlayer version 1.0

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C70F962E-EABC-8FB5-16FD-89B01378214A}" = CCC Help Danish

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel

"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E27CA8FE-3A09-E040-711C-397A97D85DA3}" = CCC Help English

"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{E54120CB-FA9C-7037-71C9-342761EBC5FF}" = CCC Help Norwegian

"{E6319C60-D4DF-4D4D-A077-9F46D656E4FB}" = C309g-m

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE177519-70E3-4A94-B8DB-FD0B78D1A47E}" = PS_AIO_06_C309g-m_SW_Min

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter

"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F9EE9A09-99B7-B29E-53C3-BBAD0ECB8A78}" = Catalyst Control Center

"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FC65A49B-D0F4-4CFE-9304-4C6B4412433F}" = TurboTax 2011 wlaiper

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"AudibleDownloadManager" = Audible Download Manager

"Avira AntiVir Desktop" = Avira Free Antivirus

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1

"Browsersafeguard" = BrowserSafeguard

"Driver Genius_is1" = Driver Genius

"fileopenerpro" = File Opener Pro

"FilmFanaticbar Uninstall Firefox" = FilmFanatic Firefox Toolbar

"FilmFanaticbar Uninstall Internet Explorer" = FilmFanatic Internet Explorer Toolbar

"HP Photo Creations" = HP Photo Creations

"InstallShield_{08F173A8-AB81-4760-AEB0-CE91F3B05AEF}" = Transformers - Revenge of the Fallen

"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader

"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga

"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 

"LHTTSSPE" = L&H TTS3000 Español

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)

"Office14.SingleImage" = Microsoft Office Home and Business 2010

"The Cat in the Hat" = The Cat in the Hat

"TurboTax 2011" = TurboTax 2011

"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine

"WinLiveSuite" = Windows Live Essentials

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Software Update" = Yahoo! Software Update

"YTdetect" = Yahoo! Detect

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Adobe Connect Add-in" = Adobe Connect Add-in

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 8/12/2013 2:52:59 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10000

 

Error - 8/12/2013 2:53:00 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 8/12/2013 2:53:00 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 10999

 

Error - 8/12/2013 2:53:00 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10999

 

Error - 8/12/2013 2:53:01 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 8/12/2013 2:53:01 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 11997

 

Error - 8/12/2013 2:53:01 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 11997

 

Error - 8/12/2013 8:13:21 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 8/12/2013 8:16:00 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = The performance strings in the Performance registry value is corrupted

 when process Performance extension counter provider. The BaseIndex value from the

 Performance registry is the first DWORD in the Data section, LastCounter value 

is the second DWORD in the Data section, and LastHelp value is the third DWORD in

 the Data section.

 

Error - 8/12/2013 8:16:00 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

 failed. The first DWORD in the Data section contains the error code.

 

[ System Events ]

Error - 8/12/2013 6:38:19 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service.  However,

 the system is configured to not allow interactive services.  This service may not

 function properly.

 

Error - 8/12/2013 6:39:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service.  However,

 the system is configured to not allow interactive services.  This service may not

 function properly.

 

Error - 8/12/2013 7:57:02 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034

Description = The hpqcxs08 service terminated unexpectedly.  It has done this 4 

time(s).

 

Error - 8/12/2013 8:00:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service.  However,

 the system is configured to not allow interactive services.  This service may not

 function properly.

 

Error - 8/12/2013 8:02:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service.  However,

 the system is configured to not allow interactive services.  This service may not

 function properly.

 

Error - 8/12/2013 8:10:57 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 8/12/2013 8:12:59 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 8/14/2013 6:15:04 AM | Computer Name = Owner-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk7\DR7.

 

Error - 8/14/2013 6:15:07 AM | Computer Name = Owner-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk7\DR7.

 

Error - 8/14/2013 10:32:09 AM | Computer Name = Owner-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk7\DR7.

 

 

< End of report >

First, please uninstall this application: FilmFanatic Firefox Toolbar and then:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    CHR - default_search_provider: Search the web (Babylon) (Enabled)
    CHR - default_search_provider: search_url = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=de8a6ec000000000000068a3c4db608b
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
    O2 - BHO: (getsav-in 5.0) - {1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102} - C:\Users\Owner\AppData\Local\getsav-in\ie\getsav-in_1374417302.dll File not found
    O4:64bit: - HKLM..\Run: [FilmFanatic Home Page Guard 64 bit] "C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe" File not found
    [2013/07/21 09:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
    :files
    C:\Users\Owner\AppData\Local\getsav-in
    C:\PROGRA~2\FILMFA~2
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

First attempt to run OTL fix: disabled AVIRA antivirus, ran OTL with prescribed fix, Windows error popped up:

   Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

OTL continued to run for that one minute; when rebooted, could not locate the txt log.

Second attempt to run OTL fix: ran smoothly.

All processes killed
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
File C:\Users\Owner\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E5425B1-F8A2-41EF-9B67-6F6C4EBCB102}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FilmFanatic Home Page Guard 64 bit not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner\ not found.
========== FILES ==========
File\Folder C:\Users\Owner\AppData\Local\getsav-in not found.
File\Folder C:\PROGRA~2\FILMFA~2 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ashleigh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Carole P
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Elise
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Helen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19646409 bytes
->Java cache emptied: 37874 bytes
->Flash cache emptied: 30555 bytes
 
User: Justin
->Temp folder emptied: 108369 bytes
->Temporary Internet Files folder emptied: 516773187 bytes
->Java cache emptied: 181470 bytes
->Google Chrome cache emptied: 383605236 bytes
->Flash cache emptied: 5035 bytes
 
User: Owner
->Temp folder emptied: 4105449 bytes
->Temporary Internet Files folder emptied: 367574070 bytes
->Java cache emptied: 24528 bytes
->Google Chrome cache emptied: 180582853 bytes
->Flash cache emptied: 5321702 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: William
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 240913346 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9446 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42341 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,680.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 08142013_121657
 
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Things seem to be working fine on the computer now.

Thank you! Thank you!

Do you have any recommendations for making sure this doesn't happen again? We use the free Avira antivirus and have now put the Malware monitoring on.

Also, there are a few users set for children (8 yrs - 12 yrs). Any recommendations for parental monitoring or settings in Windows 7?

Thanks again for alllll of your help!
