
Recurrent Malware Issue? Involuntary Backups?



Hello Ron L.

 

Could you help me fix this issue? Thanks for all of your help. Don't work too hard. It's a holiday :)

 

Recap: Involuntary backups? Seem to be storing something on my C drive and D drive? Also - a "Windows Update" is always holding up my computer from shutting down.

 

These "back-ups" turn my computer on at 3 am if it is sleeping. Also - sometimes folders come in around 1 pm. Lately, they seem to take up a fifth of a gig. It varies.

 

Thank you!

Root Admin

Hello,
 
Let me have you run the following please.
 
 
Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

When I click on the link, it gives me only the option to "save" the program. It saves in my downloads, and I can't move it to my desktop - I can only create a shortcut.

 

I clicked to run it - there was a window with green script that went through deleting and updating a bunch of files, and some red and green progress bars. It finished in a minute or so, and I can't find any log.

 

Before I did this, I went through my program files to make sure I don't have a security program. I know I should have one. I was asking about recommendations for a security program in my post a couple of weeks ago - but he didn't have any suggestions.

 

I also ran ComboFix a couple of weeks ago, and it ran like it was supposed to.

 

I'm probably missing something simple here - you're working with an analog person.


ComboFix 13-09-04.04 - Free Bird 09/04/2013  22:05:15.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1972 [GMT -5:00]
Running from: c:\users\Free Bird\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))
.
.
2013-09-05 03:16 . 2013-09-05 03:16    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2013-09-05 03:16 . 2013-09-05 03:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-04 17:43 . 2013-09-04 17:43    --------    d-----w-    c:\program files\Paint.NET
2013-09-04 17:43 . 2013-09-04 17:56    --------    d-----w-    c:\users\Free Bird\AppData\Local\Paint.NET
2013-09-04 17:42 . 2013-09-04 17:50    --------    d-----w-    c:\program files (x86)\MyPC Backup
2013-09-04 17:42 . 2013-09-04 17:43    --------    d-----w-    c:\users\Free Bird\AppData\Roaming\SmartPCFix
2013-08-22 18:44 . 2013-08-22 18:44    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-08-20 20:20 . 2013-08-20 20:20    17737608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-20 15:23 . 2013-08-20 15:23    --------    d-----w-    c:\windows\ERUNT
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\users\Free Bird\AppData\Local\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\program files (x86)\AVG SafeGuard toolbar
2013-08-20 15:05 . 2013-08-20 15:05    --------    d--h--w-    c:\programdata\Common Files
2013-08-15 16:14 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-15 16:14 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 22:20 . 2013-08-14 22:20    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-14 01:58 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:58 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:58 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 01:58 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 01:58 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 01:58 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-08 05:46 . 2013-08-17 15:53    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-08 05:46 . 2013-08-17 15:52    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-08 05:46 . 2013-08-17 15:42    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 12:52 . 2013-07-25 02:28    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-08-22 12:51 . 2013-07-25 02:27    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-08-22 12:41 . 2013-07-25 02:27    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-08-20 20:20 . 2012-11-17 15:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 20:20 . 2012-11-17 15:17    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-05 15:45 . 2013-08-05 15:45    98304    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-08-05 15:45 . 2013-08-05 15:45    24576    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-08-05 15:45 . 2013-08-05 15:45    1347584    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-07-25 02:27 . 2013-07-25 02:27    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-09 04:45 . 2013-08-14 01:57    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-06 16:13 . 2013-07-06 16:13    94208    ----a-w-    c:\windows\system32\drivers\lgvzandnetndis64.sys
2013-06-25 08:04 . 2013-06-25 08:04    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-25 08:04 . 2013-06-25 08:04    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-25 08:04 . 2013-06-25 08:04    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-25 08:04 . 2013-06-25 08:04    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-25 08:04 . 2013-06-25 08:04    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-25 08:04 . 2013-06-25 08:04    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-25 08:04 . 2013-06-25 08:04    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-06-25 08:04 . 2013-06-25 08:04    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-06-25 08:04 . 2013-06-25 08:04    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-06-25 08:04 . 2013-06-25 08:04    235008    ----a-w-    c:\windows\system32\url.dll
2013-06-25 08:04 . 2013-06-25 08:04    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-06-25 08:04 . 2013-06-25 08:04    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    149504    ----a-w-    c:\windows\system32\occache.dll
2013-06-25 08:04 . 2013-06-25 08:04    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-06-25 08:04 . 2013-06-25 08:04    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-06-25 08:04 . 2013-06-25 08:04    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-06-25 08:04 . 2013-06-25 08:04    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-25 08:04 . 2013-06-25 08:04    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-06-25 08:03 . 2013-06-25 08:03    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-06 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-01 295072]
.
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AllChars.lnk - c:\program files (x86)\AllChars\AllChars.exe [2007-7-25 626688]
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-12 1701136]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-02 20:44    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 20:20]
.
2013-09-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000UA.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Save the YouTube video as MP3 - c:\users\Free Bird\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-05 09:48; jid1-RgQXqotzndApjg@jetpack; c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\extensions\jid1-RgQXqotzndApjg@jetpack
FF - ExtSQL: !HIDDEN! 2010-05-19 16:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{D551E02B-7161-C34D-6485-6FB979997236} - c:\progra~3\INSTAL~2\{4FE0A~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\f*]
????\00\00?'\00\00\00\00????\04\00??????\00 \00\00\16\00C\00??&\00??????????????????? ???\04d\00??\01\00\01???????\\Microsoft\\Windows\\Multimedia\\SystemSoundsService\00??? ????\00\00?\01\01\00\00\00????\00\00??????& \00\00\00\00\00\00??\0a\00??????????? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00\00\00\13\00???????????????\01???????\02N\00??\01\00\01???????{2470470F-2634-478E-B181-571E98A789BB}\00 ?????\05\04?\02\00\04\00\01???x\00??????\0d\00???\08C\00??\03\00\01???????\15\00\00\00???\00\00\00\00\00???\00????????????????????\04\00??\10\00???\00\00? \00?\00\00\00??8\00??\00\00??\00\00??\07\00\00\00\00\00\00\00\00\00\00\00\00\00up\00\00\00\00?\00\00\00???\00\00\00\00\00???\00????\00\00??\00\00\00\00\00\00\00\00\01\00\00\00\00\00\03\00????? ???\01??????? ????\00\00?g\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00??\0f\00???????y???\03?g???I????????????? ???A\00\00??\1a\00\00\00????\06\00???G???\00\00\00*\00\08\00? \07\00???????\01???????\09\04???\03\00\01???????? ??? ????\00\00??\02\00\00\00?I??\00\00???G??\02\00\00\00\00\00\00\00\00\01?\00???????????????????????????????`??????????? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00??\01\00??????REG_SZ???\01???????\02??2\00??4\00??? ???a\00\00?\12\00\00\00\00????\01\00?\11?G??\00\00\00\00\"\00\08\00 ?\09\00??????????{3605B612-C3CF-4ab4-A426-2D853391DB2E}\00??????\12?\00 ?\03\00\01???????????????? ???a\00\00??\06\00\00\00????\00\00???G?? 
\00\00\00\00\00\00\00\00\00\07\00???g???\05??????????????O????????????????\0d\12\00?I\01\00\01????????????\09\04?\01\00\04\00\01????????????\0a\04?\01\00\04\00\01????????????\10\04?\01\00\04\00\01????????????\09\04?\04\00\04\00\01????????????????????????????'???\13\04?\00\00\04\00\01??????????Z?????\14\04?\03\00\04\00\01????????????????\04\10\00?I\03\00\01????????\0c\04?P\00\04\00\01????????????\0f?\00??\01\00\01\00???????U???5\04?\02\00\04\00\01????????????????????????????????????????\0b\12\00??\01\00\01??????r?????\0a\04?\00\00\04\00\01???????????????pP\08\00?????????????\09\04?0\00\01\00\01u??????????????????4.0.30319.1001\00??????\08\04?\01\00\04\00\01???????WindowsUpdateAgent\00??????5\04?\02\00\04\00\01o???????????????????????????????O???????????????????\09?\00??\03\00\01????????????\0e\16\00??\01\00\01\00???????\00??v2.0.50727\00\00\012???\01???????????????????????\02?\\???e????System,2.0.0.0,,b77a5c561934e089\00\00???\14\02?\00\00\01\00\01I???????????\0c???\0c\02?\00\00\01\00\01\00???????????\01???????\01????X?y?CweepH-4c0GgRbuNkOJdVX0WA,Q7gxikdVf+=tm~DaANrww4CP%Pn2Qc!D7z'S6oPFP4WZ0UMtgPXl\02Servicing_Key\00\00?\0a???\06\04?\08\00\04\00\01/???????\0a\04??\00\04\00\01\00?????\00?????\0b4\00??\01\00\01????????????????????????????\00???\01???????????????????7\04?\02\00\04\00\01E???????????????????????????0???\04\04?\03\00\04\00\019???????\01????\08\00?????\07\04?\01\00\04\00\01????????9\04?P\03\04\00\01-????????????????????????????0??????'?'?'??? ????\00\00??\00\00\00\00????\01\00???G??\00 \00\00@\00Ô\00\02? \00???????????????????'?'?????\01???????\01???\01???\01???\14\02?\00\00\01\00\01\00???????????\15??? ???a\00\00?I\01\00\00\00????\00\00??????\10\00\00\00\00\00\00\00??\08\00???????\0bT\00??\01\00\01\00???????????5\04?\02\00\04\00\013???????????????????????????????\08\04?\00\00\04\00\017???????\01?'????????? 
????\00\00??\00\00\00\00????\01\00?U?G??\00 \00\00\06\00\04\00??\05\00??a\00??10323\00???\08?\00??\01\00\01\00????0?02:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636\\ReleaseType\00n??? Ô\00??\01\00\01.????????????????\08\00?????\01???????\01????\08\00????KB2518870\00??? ???a\00\00??\01\00\00\00????\07\00?L????$\00\00\00\1c\00B\00 ?\02\00???????\0c\04?p\00\04\00\017???????\08???\00?\00??\07\00\00???? ???a\00\00??\00\00\00\00????&\00??????\00\00\00\00(\00\02\00??\12\00???????????????\09\12\00??\01\00\01????????????\01???????\03\04?;\00\01\00\01????????\05\04?\03\00\04\00\01\00??x\00???\08I\00??\03\00\01\00??????\15\00\00\00???\00\00\00\00\00???\00????I???????????????\05\00??\0c\00??a\00\00?\13\00??\00\00??\00\00???\00\00\00???\00\00\00\00\00???\00????\00\00??\00\00\00\00\00\00\00\00\01\00\00\00\00\00\03\00?\00\00\00???\00????\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00??\01\00\01\00\00\00A\00\01\00\00\00\00\00\00\00??? ????\00\00?'\00\00\00\00????\00\00??????\00 \00\00\00\00\00\00\00\00&\00???????????????????\00??? ????\00\00?'\00\00\00\00????\04\00??????\00 \00\00\16\00?\00\00\00&\00???????????????????\00???\04>\00??\01\00\01\00??\00\00??\\Microsoft\\Windows\\RAC\\RacTask\00\00\00\00???\02N\00??\01\00\01\00?\00\00\00\08\00\00\00?????\00\00\00\00\00\00\00\00\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00??? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00I\00\00\00\01\001\00\00\00???\01??1\00???\0eI\00??\01\00\01\00???????\00??c:\\Windows\\assembly\\GAC_64\\Policy.1.0.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Microsoft.Interop.Security.AzRoles.config\00\00\00??????? ????\00\00??\02\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00?\00???????????????????????????????5??? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00\00\00\01\004\00\00\00???\01??????? 
????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00???\01??????? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00l\00\00\00\01\002\00\00\00???\01??2\00???\0el\00??\01\00\01\00???????\00??c:\\Windows\\assembly\\GAC_64\\Policy.1.2.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Policy.1.2.Microsoft.Interop.Security.AzRoles.config\00\00\00\00??????? ????\00\00??\02\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00*\00?????????????????????\00\00\00???\01|??????\01??7\00??????? ????\00\00??\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00\00\00\01\004\00\00\00???\01??????? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\07\00???0???\01??????? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00Ü\00\00\00\01\003\00\00\00???\01??3\00???\0eÜ\00??\01\00\01\00???????\00@?c:\\Windows\\assembly\\GAC_64\\Policy.6.0.Microsoft.Ink\\6.1.0.0__31bf3856ad364e35\\Policy.6.0.Microsoft.Ink.config\00??????? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00*\00?????????????????????\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00\00\00\01\002\00\00\00???\01??2\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\07\00???0???\01??????? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00Ü\00\00\00\01\004\00\00\00???\01??4\00???\0eÜ\00??\01\00\01\00???????\00@?c:\\Windows\\assembly\\GAC_32\\Policy.1.0.Microsoft.Ink\\6.1.0.0__31bf3856ad364e35\\Policy.1.0.Microsoft.Ink.config\00??????? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00\00\00\01\002\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00???\01??????? 
????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00I\00\00\00\01\005\00\00\00???\01??5\00???\0eI\00??\01\00\01\00???????\00??c:\\Windows\\assembly\\GAC_32\\Policy.1.0.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Microsoft.Interop.Security.AzRoles.config\00\00\00??????? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00\00\00\01\002\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00??? ????\00\00??\00\00\00\00????\01\00@??G??\00\00\00\00\1c\00l\00\00\00\01\006\00\00\00???\01??6\00???\0el\00 ?\01\00\01\00???????\00??????? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00*\00?????????????????????\00\00\00???\0eC\00??\01\00\01????????????????????????\01U?2\00??????\00??\00\00\00\00\00\00\00\00\00\00\00??c:\\Windows\\assembly\\GAC_32\\Policy.1.2.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Policy.1.2.Microsoft.Interop.Security.AzRoles.config\00\00\00\00??? ????\00\00H?\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00\00\00\01\002\00\00\00??? ????\00\00U?\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\07\00???0??? ????\00\00|?\00\00\00\00????\01\00???G??\00\00\00\00\1c\00Ü\00\00\00\01\007\00\00\00???\0eÜ\00??\01\00\01\00???????\00@?c:\\Windows\\assembly\\GAC_32\\Policy.1.7.Microsof"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-04  22:54:08
ComboFix-quarantined-files.txt  2013-09-05 03:53
.
Pre-Run: 4,008,722,432 bytes free
Post-Run: 4,057,612,288 bytes free
.
- - End Of File - - 84D548013F1AF52E98AAB45EB2C32495
A36C5E4F47E84449FF07ED3517B43A31
 


After running ComboFix this time, my computer is trying to restart. One of my problems lately is that my computer often can't restart because it's always "Installing Update 1 of 1". Does the malware do that to keep my computer on, so that it can download more files? Sometimes I'll run ARO and I won't have this problem for a day or so. It always comes back.

 

Anyhow, it's installing an update. Should I manually turn it off? That's what I've been doing, just turning it off.

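The two symptoms in the post above (a wake at 3 am and a shutdown held up by "Installing Update 1 of 1") can be checked directly instead of guessed at. The script below is an added example and is not part of the original thread, of ComboFix, or of the helper's instructions. It assumes an elevated PowerShell prompt on the Windows 7 machine from the log (which is why it walks the Schedule.Service COM API rather than calling Get-ScheduledTask, which does not exist on Windows 7) and that the Task Scheduler and Windows Update services are running. The Auto Update registry values it reads are an assumption: they are only present once the Windows Update schedule has been changed from the default, and on Windows 7 the default schedule is a daily install at 3:00 AM.

```powershell
# Added triage script (not from the original thread). Answers two questions:
# what is allowed to wake this machine, and is Windows Update the thing that
# keeps it from shutting down. Read-only: nothing here changes the system.
# Run from an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 safe).

# 1. Armed wake timers and the last wake reason, straight from powercfg.
Write-Host "=== Armed wake timers ==="
powercfg /waketimers
Write-Host "=== Last wake source ==="
powercfg /lastwake

# 2. Every registered task with WakeToRun set, walking all task folders.
#    Uses the Task Scheduler 2.0 COM API because Get-ScheduledTask is not
#    available on Windows 7. GetTasks(1) = TASK_ENUM_HIDDEN, so hidden tasks
#    are included as well.
function Get-WakeTasks {
    param([string]$Path = '\')
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    $folder = $svc.GetFolder($Path)
    foreach ($task in $folder.GetTasks(1)) {
        $def = $task.Definition
        if ($def.Settings.WakeToRun) {
            # Type 0 = TASK_ACTION_EXEC, the only action type with Path/Arguments.
            $actions = @($def.Actions | ForEach-Object {
                if ($_.Type -eq 0) { "$($_.Path) $($_.Arguments)" } else { "action type $($_.Type)" }
            }) -join '; '
            New-Object PSObject -Property @{
                Task    = $task.Path
                NextRun = $task.NextRunTime
                Author  = $def.RegistrationInfo.Author
                Actions = $actions
            }
        }
    }
    foreach ($sub in $folder.GetFolders(0)) { Get-WakeTasks -Path $sub.Path }
}
Write-Host "=== Tasks that may wake the machine (WakeToRun) ==="
Get-WakeTasks | Format-Table -AutoSize Task, NextRun, Author, Actions

# 3. Legacy .job files in C:\Windows\Tasks (the kind ComboFix listed under FILE ::).
Write-Host "=== Legacy .job files ==="
Get-ChildItem "$env:windir\Tasks\*.job" -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime, Length

# 4. Windows Update schedule, pending-reboot markers, and updates still waiting.
#    Assumption: these Auto Update values only exist once the schedule has been
#    changed from the Windows 7 default (daily, 3:00 AM); absent means default.
Write-Host "=== Automatic Updates settings (hour is 0-23) ==="
$au = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
Get-ItemProperty $au -ErrorAction SilentlyContinue |
    Select-Object AUOptions, ScheduledInstallDay, ScheduledInstallTime

Write-Host "=== Reboot pending markers ==="
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
)
$rebootKeys | ForEach-Object { "{0,-5} {1}" -f (Test-Path $_), $_ }

Write-Host "=== Updates the agent still wants to install ==="
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$result = $searcher.Search('IsInstalled=0 and IsHidden=0')
$result.Updates | ForEach-Object {
    "{0}  KB{1}  downloaded={2}" -f $_.Title, (@($_.KBArticleIDs) -join ','), $_.IsDownloaded
}

# 5. What happened on the last install attempts. ResultCode 2 = succeeded,
#    3 = succeeded with errors, 4 = failed, 5 = aborted.
Write-Host "=== Last 10 Windows Update history entries ==="
$searcher.QueryHistory(0, 10) | Select-Object Date, Title, ResultCode | Format-Table -AutoSize
```

How to read the output: if no task reports WakeToRun and the only armed wake timer belongs to Windows Update, the 3 am wake is the update schedule rather than a scheduled task. If an update shows downloaded=True and keeps reappearing in the "still wants to install" list while the history shows ResultCode 4 for the same title, the install is failing and being retried on every shutdown, which is what "Installing Update 1 of 1" on each restart looks like. Any WakeToRun task whose Actions point into a user profile, a temp directory, or an unsigned binary is the one to pull into the next log for the helper.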

ComboFix 13-09-04.04 - Free Bird 09/05/2013   6:59.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2185 [GMT -5:00]
Running from: c:\users\Free Bird\Downloads\ComboFix.exe
Command switches used :: c:\users\Free Bird\Downloads\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vToolbarUpdater15.4.0
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))
.
.
2013-09-05 12:08 . 2013-09-05 12:08    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2013-09-05 12:08 . 2013-09-05 12:08    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-04 17:43 . 2013-09-04 17:43    --------    d-----w-    c:\program files\Paint.NET
2013-09-04 17:43 . 2013-09-04 17:56    --------    d-----w-    c:\users\Free Bird\AppData\Local\Paint.NET
2013-09-04 17:42 . 2013-09-04 17:50    --------    d-----w-    c:\program files (x86)\MyPC Backup
2013-09-04 17:42 . 2013-09-04 17:43    --------    d-----w-    c:\users\Free Bird\AppData\Roaming\SmartPCFix
2013-08-22 18:44 . 2013-08-22 18:44    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-08-20 20:20 . 2013-08-20 20:20    17737608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-20 15:23 . 2013-08-20 15:23    --------    d-----w-    c:\windows\ERUNT
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\users\Free Bird\AppData\Local\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\program files (x86)\AVG SafeGuard toolbar
2013-08-20 15:05 . 2013-08-20 15:05    --------    d--h--w-    c:\programdata\Common Files
2013-08-15 16:14 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-15 16:14 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 22:20 . 2013-08-14 22:20    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-14 01:58 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:58 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:58 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 01:58 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 01:58 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 01:58 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-08 05:46 . 2013-09-05 04:29    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-08 05:46 . 2013-09-05 04:28    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-08 05:46 . 2013-09-05 04:28    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 12:52 . 2013-07-25 02:28    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-08-22 12:51 . 2013-07-25 02:27    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-08-22 12:41 . 2013-07-25 02:27    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-08-20 20:20 . 2012-11-17 15:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 20:20 . 2012-11-17 15:17    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-05 15:45 . 2013-08-05 15:45    98304    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-08-05 15:45 . 2013-08-05 15:45    24576    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-08-05 15:45 . 2013-08-05 15:45    1347584    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-07-25 02:27 . 2013-07-25 02:27    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-09 04:45 . 2013-08-14 01:57    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-06 16:13 . 2013-07-06 16:13    94208    ----a-w-    c:\windows\system32\drivers\lgvzandnetndis64.sys
2013-06-25 08:04 . 2013-06-25 08:04    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-25 08:04 . 2013-06-25 08:04    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-25 08:04 . 2013-06-25 08:04    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-25 08:04 . 2013-06-25 08:04    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-25 08:04 . 2013-06-25 08:04    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-25 08:04 . 2013-06-25 08:04    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-25 08:04 . 2013-06-25 08:04    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-06-25 08:04 . 2013-06-25 08:04    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-06-25 08:04 . 2013-06-25 08:04    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-06-25 08:04 . 2013-06-25 08:04    235008    ----a-w-    c:\windows\system32\url.dll
2013-06-25 08:04 . 2013-06-25 08:04    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-06-25 08:04 . 2013-06-25 08:04    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    149504    ----a-w-    c:\windows\system32\occache.dll
2013-06-25 08:04 . 2013-06-25 08:04    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-06-25 08:04 . 2013-06-25 08:04    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-06-25 08:04 . 2013-06-25 08:04    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-06-25 08:04 . 2013-06-25 08:04    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-25 08:04 . 2013-06-25 08:04    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-06-25 08:03 . 2013-06-25 08:03    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-01 295072]
.
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AllChars.lnk - c:\program files (x86)\AllChars\AllChars.exe [2007-7-25 626688]
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-12 1701136]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-02 20:44    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 20:20]
.
2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000UA.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Save the YouTube video as MP3 - c:\users\Free Bird\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-05 09:48; jid1-RgQXqotzndApjg@jetpack; c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\extensions\jid1-RgQXqotzndApjg@jetpack
FF - ExtSQL: !HIDDEN! 2010-05-19 16:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{D551E02B-7161-C34D-6485-6FB979997236} - c:\progra~3\INSTAL~2\{4FE0A~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\f*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2013-09-05  09:17:20 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-05 14:17
ComboFix2.txt  2013-09-05 03:56
.
Pre-Run: 4,060,160,000 bytes free
Post-Run: 3,795,431,424 bytes free
.
- - End Of File - - 99CCE788C8A84312062497157A468A0F
A36C5E4F47E84449FF07ED3517B43A31
 

Link to post
Share on other sites
  • Root Admin

Can you please start REGEDIT.EXE and then browse to this key and then right click and choose EXPORT.

In the Save-As type please choose Registry Hive Files *.* and save it as HKLM_UserData.TXT

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData

Then attach it to your next reply. It's not really a text file but we want the board to allow it to be uploaded so use the "More Reply Options" button and choose to attach it when ready.

Thanks

Link to post
Share on other sites
  • Root Admin

Okay this fix is going to be a bit more involved.

I need you to do the following please.

STEP 1

Make a new ERUNT Registry Backup.

Back up the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 2

Create a new System Restore Point

How to Create a System Restore Point in Windows 7

STEP 3

Now open REGEDIT.EXE and browse to the following location.

HKEY_LOCAL_MACHINE\_Kodiak\S-1-5-18\Components

Then if you highlight any key just below that you can then press the F key on the keyboard and it will automatically walk down to the keys starting with the letter F.

Then scroll all the way down to the bottom entry of the Components section and you'll notice there are 2 strangely named characters there that are like in another language.

I want you to highlight each one and delete it. Then reboot the computer and run Combofix again and post back the new log.

If you look in the current log from your last Combofix run you'll see an entry that starts like this below and I believe it is due to those 2 bad entries in the Registry.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\f*]

@=multi:"?\02??????http://www.microsoft.com/\00???\00H\00??\01\00\00????????\06\04?\05\00\04\00\01\00???\00??:RTM.1.1;:#RTM.1.1\00??\0c??NDP40-KB2518870.msp\00?\00???\00z\00??\01\00\00???? ????\00\00?\01\01\00\00\00????\00\00??????\18 \00\00\00\00\00\00?\00\17\00???????????n??? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00?\00\0c\00???????????\01???????\02N\00??\01\00\01??g????{00BB5F5C-4A20-4FD6-8900-4699F989BF01}\00G?????????\05\04?\00\00\04\00\01????????????\08???\008\00??\01\00\00????\01???????\00P\00??\01\00\00????????

 

 

If you have any questions please let me know.

Link to post
Share on other sites
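As an added example (not code from the thread, ComboFix or ERUNT): a report-only PowerShell script that first backs up the Installer Components key and then lists every subkey whose name is not the 32-hex-digit packed-GUID form Windows Installer uses, which is how the two oddly named entries from STEP 3 stand out without hunting through regedit. Assumed: the live path for the log's "LocalSystem" is the S-1-5-18 subkey below (ComboFix's HKLM\_Kodiak view is its own temporary mount of the same data), and the script runs from an elevated PowerShell; it deletes nothing.

```powershell
# Added example, not from the forum thread. Report-only triage of the Windows
# Installer component key that ComboFix showed as ...\UserData\LocalSystem\Components\f*.
# Assumption: "LocalSystem" in the log is the S-1-5-18 subkey of UserData.
# Run from an elevated PowerShell. Nothing here deletes or modifies a key.

$ComponentsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components'
$BackupFile    = Join-Path $env:USERPROFILE 'Desktop\HKLM_UserData_Components_backup.reg'

# 1. Back up the whole key before looking at anything (reg.exe export writes a
#    re-importable .reg file; same idea as the ERUNT backup in STEP 1).
$regPath = $ComponentsKey -replace '^HKLM:\\', 'HKLM\'
reg.exe export $regPath $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; stopping before inspection." }

# 2. Windows Installer names each component key with a 32-character "packed GUID"
#    made only of hex digits. Anything else under Components deserves a second look.
$expectedName = '^[0-9A-F]{32}$'   # -notmatch below is case-insensitive

$suspects = Get-ChildItem -Path $ComponentsKey -ErrorAction Stop |
    Where-Object { $_.PSChildName -notmatch $expectedName } |
    ForEach-Object {
        $name = $_.PSChildName
        # Code points outside printable ASCII are what "looks like another language" in regedit.
        $oddChars = @($name.ToCharArray() | Where-Object { [int]$_ -lt 0x20 -or [int]$_ -gt 0x7E }).Count
        [pscustomobject]@{
            Name       = $name
            Length     = $name.Length
            OddChars   = $oddChars
            CodePoints = ($name.ToCharArray() | ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
            ValueCount = @($_.GetValueNames()).Count
        }
    }

"Backup written to $BackupFile"
"Subkeys under Components: $(@(Get-ChildItem -Path $ComponentsKey).Count)"
if ($suspects) {
    "Entries whose names are not a 32-hex-digit packed GUID (review before deleting anything):"
    $suspects | Format-Table -AutoSize
} else {
    "All component key names have the expected form."
}
```

The CodePoints column shows exactly which characters make a name look foreign, so a screenshot of regedit is not needed to describe the entry in a reply.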
  • Root Admin

System Restore is not a backup and only monitors certain files.  If you're not already backing up your files to an external USB drive or some sort of online backup then I would highly suggest that you do start backing up to an external drive.  Do not keep the drive connected all the time though, only while backing up. If the computer were to get infected with the backup drive connected then that data could very easily be compromised as well.  Never connect the backup drive to the computer if you think it may be infected, get it cleaned first.

 

Let me know once you've fixed that Registry entry please.

Link to post
Share on other sites

OK, I deleted the two keys with the strange alphabet names. Now I'm going to do the ComboFix. Question - all of those F, FF, and FFF keys - Is that where I'm losing space on my hard drive? Are those the folders that are being saved automatically in my C drive? You didn't tell me to delete them, so I've left everything alone, other than the two keys that were down at the bottom of the list.

 

Thanks.

Link to post
Share on other sites

Looks better!

 

ComboFix 13-09-06.01 - Free Bird 09/06/2013  23:12:59.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2601 [GMT -5:00]
Running from: c:\users\Free Bird\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-07 to 2013-09-07  )))))))))))))))))))))))))))))))
.
.
2013-09-07 04:25 . 2013-09-07 04:25    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2013-09-07 04:25 . 2013-09-07 04:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-06 14:17 . 2013-09-06 14:17    --------    d-----w-    c:\program files (x86)\ERUNT
2013-09-04 17:43 . 2013-09-04 17:43    --------    d-----w-    c:\program files\Paint.NET
2013-09-04 17:43 . 2013-09-04 17:56    --------    d-----w-    c:\users\Free Bird\AppData\Local\Paint.NET
2013-09-04 17:42 . 2013-09-04 17:50    --------    d-----w-    c:\program files (x86)\MyPC Backup
2013-09-04 17:42 . 2013-09-04 17:43    --------    d-----w-    c:\users\Free Bird\AppData\Roaming\SmartPCFix
2013-08-22 18:44 . 2013-08-22 18:44    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-08-20 20:20 . 2013-08-20 20:20    17737608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-20 15:23 . 2013-08-20 15:23    --------    d-----w-    c:\windows\ERUNT
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\users\Free Bird\AppData\Local\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\program files (x86)\AVG SafeGuard toolbar
2013-08-20 15:05 . 2013-08-20 15:05    --------    d--h--w-    c:\programdata\Common Files
2013-08-15 16:14 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-15 16:14 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 22:20 . 2013-08-14 22:20    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-14 01:58 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:58 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:58 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 01:58 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 01:58 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 01:58 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-08 05:46 . 2013-09-05 04:29    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-08 05:46 . 2013-09-05 04:28    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-08 05:46 . 2013-09-05 04:28    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 12:52 . 2013-07-25 02:28    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-08-22 12:51 . 2013-07-25 02:27    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-08-22 12:41 . 2013-07-25 02:27    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-08-20 20:20 . 2012-11-17 15:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 20:20 . 2012-11-17 15:17    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-05 15:45 . 2013-08-05 15:45    98304    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-08-05 15:45 . 2013-08-05 15:45    24576    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-08-05 15:45 . 2013-08-05 15:45    1347584    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-07-25 02:27 . 2013-07-25 02:27    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-09 04:45 . 2013-08-14 01:57    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-06 16:13 . 2013-07-06 16:13    94208    ----a-w-    c:\windows\system32\drivers\lgvzandnetndis64.sys
2013-06-25 08:04 . 2013-06-25 08:04    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-25 08:04 . 2013-06-25 08:04    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-25 08:04 . 2013-06-25 08:04    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-25 08:04 . 2013-06-25 08:04    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-25 08:04 . 2013-06-25 08:04    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-25 08:04 . 2013-06-25 08:04    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-25 08:04 . 2013-06-25 08:04    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-06-25 08:04 . 2013-06-25 08:04    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-06-25 08:04 . 2013-06-25 08:04    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-06-25 08:04 . 2013-06-25 08:04    235008    ----a-w-    c:\windows\system32\url.dll
2013-06-25 08:04 . 2013-06-25 08:04    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-06-25 08:04 . 2013-06-25 08:04    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    149504    ----a-w-    c:\windows\system32\occache.dll
2013-06-25 08:04 . 2013-06-25 08:04    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-06-25 08:04 . 2013-06-25 08:04    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-06-25 08:04 . 2013-06-25 08:04    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-06-25 08:04 . 2013-06-25 08:04    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-25 08:04 . 2013-06-25 08:04    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-06-25 08:03 . 2013-06-25 08:03    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-01 295072]
.
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AllChars.lnk - c:\program files (x86)\AllChars\AllChars.exe [2007-7-25 626688]
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-12 1701136]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 19:43    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 20:20]
.
2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000UA.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Save the YouTube video as MP3 - c:\users\Free Bird\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-05 09:48; jid1-RgQXqotzndApjg@jetpack; c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\extensions\jid1-RgQXqotzndApjg@jetpack
FF - ExtSQL: !HIDDEN! 2010-05-19 16:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{D551E02B-7161-C34D-6485-6FB979997236} - c:\progra~3\INSTAL~2\{4FE0A~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-07  00:03:54
ComboFix-quarantined-files.txt  2013-09-07 05:03
ComboFix2.txt  2013-09-05 14:17
ComboFix3.txt  2013-09-05 03:56
.
Pre-Run: 3,662,528,512 bytes free
Post-Run: 3,618,914,304 bytes free
.
- - End Of File - - 313545FE2C9348D0DC03744C701F15AD
A36C5E4F47E84449FF07ED3517B43A31
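A log like the one above is normally read by hand, entry by entry. As an added example (not ComboFix's own code and not part of the original post), the Python below parses the entry formats that appear in the 'Reg Loading Points' and 'Scheduled Tasks' sections above (Run-key values, Startup-folder .lnk lines, service lines and scheduled-task targets) and pulls out what a responder checks first: autoruns launched from directories an ordinary user can write to, files modified shortly before the log's completion time, and UAC policy values that differ from the Windows 7 defaults. The embedded sample log is an excerpt of lines from the log above; the user-writable directory list, the 30-day window and the flag wording are this example's own assumptions.

```python
"""Triage the autorun sections of a ComboFix log.

Added example, not ComboFix's own code. It parses the line formats seen in the
log above and flags entries a responder would look at first. The USER_WRITABLE
list, the 30-day window and the Windows 7 UAC defaults are assumptions of this
example, not something ComboFix defines.
"""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple

# "Name"="c:\path\file.exe" [2013-04-04 958576]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) \d+\]$')
# Name.lnk - c:\path\file.exe [2009-6-30 1316192]   (an argument such as /firstrun may follow the .exe)
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?\.exe)(?: \S+)* \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) \d+\]$')
# R2 Name;Display name;c:\path;c:\path [x]
SVC_RE = re.compile(r'^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]+);.*$')
# - c:\path\file.exe [2013-07-06 13:40]   (target of the .job named on the previous line)
TASK_RE = re.compile(r'^- (?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\]$')
UAC_RE = re.compile(r'^"(?P<key>ConsentPromptBehaviorAdmin|ConsentPromptBehaviorUser|EnableUIADesktopToggle)"= *(?P<val>\d+)')

# Directory trees an unprivileged user can write to (assumed list for this example).
USER_WRITABLE = ("/users/", "/programdata/", "/appdata/", "/$recycle.bin/", "/temp/")
# Windows 7 defaults: 5 = prompt for consent for non-Windows binaries, 3 = prompt for credentials.
WIN7_UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3, "EnableUIADesktopToggle": 0}
LOG_DATE = date(2013, 9, 7)  # the 'Completion time' of the log above

# Excerpt of lines taken from the log above (not a complete log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-01 295072]
.
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
.
2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
'''


@dataclass
class Autorun:
    kind: str                 # run, startup, service or task
    name: str
    path: str
    modified: Optional[date]  # services carry no date in this log format
    flags: List[str] = field(default_factory=list)


def _to_date(text: str) -> date:
    y, m, d = (int(part) for part in text.split("-"))
    return date(y, m, d)


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Return every entry the four formats above recognise, in log order."""
    entries: List[Autorun] = []
    last_job = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().endswith(".job"):  # "2013-09-05 c:\windows\Tasks\X.job" names the next target
            last_job = line.split(" ", 1)[-1]
            continue
        if m := RUN_RE.match(line):
            entries.append(Autorun("run", m["name"], m["path"], _to_date(m["date"])))
        elif m := LNK_RE.match(line):
            entries.append(Autorun("startup", m["name"], m["path"], _to_date(m["date"])))
        elif m := SVC_RE.match(line):
            entries.append(Autorun("service", m["name"], m["path"], None))
        elif m := TASK_RE.match(line):
            entries.append(Autorun("task", last_job, m["path"], _to_date(m["date"])))
    return entries


def triage(log_text: str, log_date: date, recent_days: int = 30) -> List[Autorun]:
    """Flag entries launched from user-writable trees or modified shortly before
    the log was taken; flagged entries are returned first."""
    entries = parse_autoruns(log_text)
    for e in entries:
        norm = e.path.lower().replace("\\", "/")
        if any(tree in norm for tree in USER_WRITABLE):
            e.flags.append("runs from a user-writable directory")
        if e.modified and (log_date - e.modified).days <= recent_days:
            e.flags.append(f"modified within {recent_days} days of the log")
    return sorted(entries, key=lambda e: not e.flags)


def check_uac(log_text: str) -> Tuple[Dict[str, int], List[str]]:
    """Read the three UAC policy values and report departures from the Win7 defaults."""
    values: Dict[str, int] = {}
    for raw in log_text.splitlines():
        if m := UAC_RE.match(raw.strip()):
            values[m["key"]] = int(m["val"])
    findings: List[str] = []
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    for key, default in WIN7_UAC_DEFAULTS.items():
        if key in values and values[key] != default:
            findings.append(f"{key}={values[key]} (Windows 7 default is {default})")
    return values, findings


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, LOG_DATE):
        print(f"{e.kind:8} {e.path:75} {'; '.join(e.flags) or 'no flags'}")
    print(check_uac(SAMPLE_LOG))
```

On the excerpt above this flags only the FacebookUpdate task, which runs from the user's AppData tree; everything else sits under Program Files and was last modified months before the log. A flag is a reason to look, not a verdict: vendor updaters do live in AppData. The `[x]` marker ComboFix prints after service paths and the Find3M file list are deliberately not interpreted here; see the ComboFix guide for those.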
  • Root Admin

Great, okay, let's run another antivirus scan.

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click 'Export to text file...'.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Also, out of curiosity, why not delete this one too? I notice that this is in my C drive, but I also have a folder in my D drive that appeared called "$RECYCLE.BIN" that showed up right around the same time that other recent problems showed up:


C:\$RECYCLE.BIN\S-1-5-21-2374328083-628559870-3858990220-1000\$RNJR638.exe    a variant of Win32/Soft32Downloader.D application


Also, I have a program folder called "ffshow". What is that?

  • Root Admin

If it will let you, you can delete it.

ffdshow is a DirectShow and VFW codec for decoding/encoding many video and audio formats, including DivX and XviD movies.
How is the computer running otherwise?

Are there still any signs of an infection or can we look at closing up here?

This topic is now closed to further replies.