PeregrineKodiak

Recurrent Malware Issue? Involuntary Backups?

Hello Ron L.

 

Could you help me fix this issue? Thanks for all of your help. Don't work too hard. It's a holiday :)

 

Recap: Involuntary backups? Seem to be storing something on my C drive and D drive? Also - a "Windows Update" is always holding up my computer from shutting down.

 

These "back-ups" turn my computer on at 3 am if it is sleeping. Also - sometimes folders come in around 1 pm. Lately, they seem to take up a fifth of a gig. It varies.

 

Thank you!

Hello,
 
Let me have you run the following please.
 
 
Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

When I click on the link, it gives me only the option to "save" the program. It saves in my downloads, and I can't move it to my desktop - I can only create a shortcut.

 

I clicked to run it - there was a window with green script that went through deleting and updating a bunch of files, and some red and green progress bars. It finished in a minute or so, and I can't find any log.

 

Before I did this, I went through my program files to make sure I don't have a security program. I know I should have one. I was asking about recommendations for a security program in my post a couple of weeks ago, but he didn't have any suggestions.

 

I also ran ComboFix a couple of weeks ago, and it ran like it was supposed to.

 

I'm probably missing something simple here - you're working with an analog person.

ComboFix 13-09-04.04 - Free Bird 09/04/2013  22:05:15.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1972 [GMT -5:00]
Running from: c:\users\Free Bird\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))
.
.
2013-09-05 03:16 . 2013-09-05 03:16    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2013-09-05 03:16 . 2013-09-05 03:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-04 17:43 . 2013-09-04 17:43    --------    d-----w-    c:\program files\Paint.NET
2013-09-04 17:43 . 2013-09-04 17:56    --------    d-----w-    c:\users\Free Bird\AppData\Local\Paint.NET
2013-09-04 17:42 . 2013-09-04 17:50    --------    d-----w-    c:\program files (x86)\MyPC Backup
2013-09-04 17:42 . 2013-09-04 17:43    --------    d-----w-    c:\users\Free Bird\AppData\Roaming\SmartPCFix
2013-08-22 18:44 . 2013-08-22 18:44    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-08-20 20:20 . 2013-08-20 20:20    17737608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-20 15:23 . 2013-08-20 15:23    --------    d-----w-    c:\windows\ERUNT
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\users\Free Bird\AppData\Local\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\program files (x86)\AVG SafeGuard toolbar
2013-08-20 15:05 . 2013-08-20 15:05    --------    d--h--w-    c:\programdata\Common Files
2013-08-15 16:14 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-15 16:14 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 22:20 . 2013-08-14 22:20    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-14 01:58 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:58 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:58 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 01:58 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 01:58 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 01:58 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-08 05:46 . 2013-08-17 15:53    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-08 05:46 . 2013-08-17 15:52    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-08 05:46 . 2013-08-17 15:42    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 12:52 . 2013-07-25 02:28    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-08-22 12:51 . 2013-07-25 02:27    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-08-22 12:41 . 2013-07-25 02:27    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-08-20 20:20 . 2012-11-17 15:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 20:20 . 2012-11-17 15:17    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-05 15:45 . 2013-08-05 15:45    98304    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-08-05 15:45 . 2013-08-05 15:45    24576    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-08-05 15:45 . 2013-08-05 15:45    1347584    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-07-25 02:27 . 2013-07-25 02:27    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-09 04:45 . 2013-08-14 01:57    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-06 16:13 . 2013-07-06 16:13    94208    ----a-w-    c:\windows\system32\drivers\lgvzandnetndis64.sys
2013-06-25 08:04 . 2013-06-25 08:04    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-25 08:04 . 2013-06-25 08:04    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-25 08:04 . 2013-06-25 08:04    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-25 08:04 . 2013-06-25 08:04    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-25 08:04 . 2013-06-25 08:04    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-25 08:04 . 2013-06-25 08:04    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-25 08:04 . 2013-06-25 08:04    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-06-25 08:04 . 2013-06-25 08:04    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-06-25 08:04 . 2013-06-25 08:04    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-06-25 08:04 . 2013-06-25 08:04    235008    ----a-w-    c:\windows\system32\url.dll
2013-06-25 08:04 . 2013-06-25 08:04    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-06-25 08:04 . 2013-06-25 08:04    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    149504    ----a-w-    c:\windows\system32\occache.dll
2013-06-25 08:04 . 2013-06-25 08:04    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-06-25 08:04 . 2013-06-25 08:04    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-06-25 08:04 . 2013-06-25 08:04    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-06-25 08:04 . 2013-06-25 08:04    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-25 08:04 . 2013-06-25 08:04    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-06-25 08:03 . 2013-06-25 08:03    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-06 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-01 295072]
.
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AllChars.lnk - c:\program files (x86)\AllChars\AllChars.exe [2007-7-25 626688]
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-12 1701136]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-02 20:44    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 20:20]
.
2013-09-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000UA.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Save the YouTube video as MP3 - c:\users\Free Bird\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-05 09:48; jid1-RgQXqotzndApjg@jetpack; c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\extensions\jid1-RgQXqotzndApjg@jetpack
FF - ExtSQL: !HIDDEN! 2010-05-19 16:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{D551E02B-7161-C34D-6485-6FB979997236} - c:\progra~3\INSTAL~2\{4FE0A~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\f*]
@=multi:"?\02??????http://www.microsoft.com/\00???\00H\00??\01\00\00????????\06\04?\05\00\04\00\01\00???\00??:RTM.1.1;:#RTM.1.1\00??\0c??NDP40-KB2518870.msp\00?\00???\00z\00??\01\00\00???? ????\00\00?\01\01\00\00\00????\00\00??????\18 \00\00\00\00\00\00?\00\17\00???????????n??? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00?\00\0c\00???????????\01???????\02N\00??\01\00\01??g????{00BB5F5C-4A20-4FD6-8900-4699F989BF01}\00G?????????\05\04?\00\00\04\00\01????????????\08???\008\00??\01\00\00????\01???????\00P\00??\01\00\00????????\01???\01???????????\0f\01?\01\00\03\00\01????????1??????????????????????4.0.30319\00???????????\0d&\00??\01\00\01\00???????????\0e\14\00??\01\00\01U???????t???????\09\04?\00\00\04\00\01\00???????L???????\06\04?\05\00\04\00\01????????\04\10\00??\03\00\01????`???\06\04?\05\00\04\00\01???????? ????\00\00??\00\00\00\00????\01\00???G??\00 \00\00\06\00\04\00??\05\00??????n;1;d:\\4f330366dd525ac60a532998ee8840e1\\\00\00??? ????\00\00??\00\00\00\00????\01\00??????\00 \00\00\18\00@\00\00\00 \00???????????????????\0c@\00??\01\00\01\00??????????????? ???a\00\00?Iz\00\00\00????\00\00??????\10\00\00\00\00\00\00\00\00\00\02\00?\00\00\00???\01?????????\00\00\00\00\00\00\00\00\00\00\00??? ???a\00\00??\01\00\00\00?i??\02\00?g?G??\0a \00\00\1c\00:\00\02\00\0a\00???????????\01???????????\00?\00??\01\00\00?\08\00?????\01???????\06\04?\05\00\04\00\01?????x?? ???a\00\00?I\01\00\00\00?U??\03\00???H??\02\00\00\00\18\00\04\00?gW\00???????????????????????????????????????????????\08\04?\01\00\04\00\01????????\0c\04?\01\00\04\00\01????????????????????\0bx\00??\01\00\01C?????eA\00??? ????\00\00??\00\00\00\00????\08\00??????\00 \00\00\1a\004\00?? \00???????????????????\00.\00??\01\00\00?\08\00?????\06\04?\05\00\04\00\01????`x?? ???a\00\00?I\01\00\00\00????\01\00???H??\02\00\00\00\0c\00\04\00??U\00??????????????????????????????????????????? ??? 
???a\00\00??\01\00\00\00????\00\00??????\0e\00\00\00\00\00\00\00??\07\00???????\04\04?\03\00\04\00\017???????\0a\04?\00\00\04\00\01??????\00?\08???\00H\00??\01\00\00????\06\04?\05\00\04\00\01????????????????????\00P\00??\01\00\00???\07\00?????????\00?\00????????????????????????????????????????????? ?????????? ? ? ? ???????????????? ???????????????? ?????????? ???\00\00\01\00\01\00\01\00\02\00?????????\00?\00????????? ?????????? ? ? ? ???????????????? ???????????????????????????? ??\00\00\00\00\00\00?????????\00?\00??????????? ?????????? ? ? ? ???????????????? ???????????????????????????? ??\00\00\02\00\01\00\04\00\02\00\03\00\06\00?????????\00?\00????????????????????? ?????????? ? ? ? ???????????????? ???????????????? ?????????? ???\00\00\02\00\01\00\04\00\02\00\02\00\05\00?????????\00?\00??????? ?????????? ? ? ? ???????????????? ???????????????????????????? ??\00\00\01\00\01\00\02\00\03\00\02\00?????????\00?\00???????????????? ?????????? ? ? ? ???????????????? ???????????????? ?????????? ???\00\00\02\00\01\00\04\00\01\00\02\00?????????\00?\00??????????????????? ?????????? ? ? ? ???????????????? ???????????????????????????? ??\00\00\03\00\01\00\02\00\04\00\00\00????? ???A\00\00??\00\00\00\00????\0a\00???G??\00 \00\00 \00N\00cr \00???????????????????\09N\00??\01\00\01 ????Dle\00??{C8B8456C-6A12-3725-95A8-1C9FBE1E3141}\00??U???????????????\01?????????'????? ???a\00\00??\01\00\00\00????\02\00?I?G??\0a \00\00\1c\00R\00??\0a\00??????Sy??v2.0.50727\00??????\06\04?\05\00\04\00\01H???H???O?e????6.1\00\00\00??20110616\00???? ????\00\00??\01\00\00\00????\00\00??????\10\00\00\00\00\00\00\00\00\00\08\00??????? W??a\00\00??\01\00\00\00????\00\00??????\06\00\00\00\00\00\00\00\00\00\08\00???????\01???????\00?\00??\01\00\00???????????c:\\Windows\\Installer\\aad5a3.msp\00\01e??? ê\00??\01\00\01???????????????????Microsoft Corporation\00???\08\04?\00\00\04\00\017???????'?'?????\01???????O?e?????\09,\00??\01\00\01????????????\00j\00??\01\00\00???????????? 
???a\00\00??\02\00\00\00????\00\00??????\06\00\00\00\00\00\00\00??\07\00???????\0eR\00??\02\00\01\00???????????\"??????? ???a\00\00??\02\00\00\00????\00\00??????\04\00\00\00\00\00\00\00\00\00\08\00??????? ????\00\00??\01\00\00\00????\00\00???G??\14 \00\00\00\00\00\00?? \00???????????????????\01???????? \00\00\00\00\00\00\00\00\00\00\00??? ????\00\00?\01\02\00\00\00????\00\00??????\10 \00\00\00\00\00\00 ?\03\00?? ???? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00??\07\00??????{EACA24FF-236C-401D-A1E7-B3D5267B8A50}\00ati???\05\04?\03\00\04\00\01s??x=??????0,???\08?\00??\03\00\01u??????\15\00\00\00???\00\00\00\00\00???\00????????????????????\05\00??\0c\00??a\00\00?\13\00??\00\00??8\00??\00\00??\00\00??\07\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00?\00\00\00???\00\00\00\00\00???\00????\00\00??\00\00\00\00\00\00\00\00a\00\00? \00\00\00¨\00\00\00<QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[system[Provider[@Name=Microsoft-Windows-CEIP] and EventID=1007]]</Select></Query></QueryList>\00???\00\00\00\00\00\00\00\00\00\00\00\00?\00\00\00???\00????\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00?\00\00\00??\00\00\00\00\00\00A\00\01\00?\00\00\00?????\01????X?(zx%1vfio6%~Kdl!r37Uj[]_*hKLm4KMgS$%Bi0uM7&8F&'US5+MgonWiCS[p,l'jnphH8z0NI,~n019\02Servicing_Key\00\00?\00??42\00ˆ?????\01??????????????? &\00??\01\00\01b???????????????????\0b(\00??\01\00\01???????????? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00??\08\00???????\02???????????\02N\00??\01\00\01???????{7F9C951C-D364-4B70-8D07-D2C9B7F76E35}\00??????\05\04?\00\00\04\00\01????????\03\04?;\00\01\00\01????????\0e6\00??\02\00\01????????????\03\16\00??\01\00\019????x?? ????\00\00?ý\01\00\00\00????\01\00???I??\06 \00\00\00\00\08\00?iT\00??????????????????????????????????????????\00\00???\0e\01?\01\00\03\00\01\00???????????i??????? ????\00\00?'\00\00\00\00????\00\00??????\00 \00\00\00\00\00\00??&\00??????????????????????? 
????\00\00?'\00\00\00\00????\04\00??????\00 \00\00\16\00C\00??&\00??????????????????? ???\04d\00??\01\00\01???????\\Microsoft\\Windows\\Multimedia\\SystemSoundsService\00??? ????\00\00?\01\01\00\00\00????\00\00??????& \00\00\00\00\00\00??\0a\00??????????? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00\00\00\13\00???????????????\01???????\02N\00??\01\00\01???????{2470470F-2634-478E-B181-571E98A789BB}\00 ?????\05\04?\02\00\04\00\01???x\00??????\0d\00???\08C\00??\03\00\01???????\15\00\00\00???\00\00\00\00\00???\00????????????????????\04\00??\10\00???\00\00? \00?\00\00\00??8\00??\00\00??\00\00??\07\00\00\00\00\00\00\00\00\00\00\00\00\00up\00\00\00\00?\00\00\00???\00\00\00\00\00???\00????\00\00??\00\00\00\00\00\00\00\00\01\00\00\00\00\00\03\00????? ???\01??????? ????\00\00?g\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00??\0f\00???????y???\03?g???I????????????? ???A\00\00??\1a\00\00\00????\06\00???G???\00\00\00*\00\08\00? \07\00???????\01???????\09\04???\03\00\01???????? ??? ????\00\00??\02\00\00\00?I??\00\00???G??\02\00\00\00\00\00\00\00\00\01?\00???????????????????????????????`??????????? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00??\01\00??????REG_SZ???\01???????\02??2\00??4\00??? ???a\00\00?\12\00\00\00\00????\01\00?\11?G??\00\00\00\00\"\00\08\00 ?\09\00??????????{3605B612-C3CF-4ab4-A426-2D853391DB2E}\00??????\12?\00 ?\03\00\01???????????????? ???a\00\00??\06\00\00\00????\00\00???G?? 
\00\00\00\00\00\00\00\00\00\07\00???g???\05??????????????O????????????????\0d\12\00?I\01\00\01????????????\09\04?\01\00\04\00\01????????????\0a\04?\01\00\04\00\01????????????\10\04?\01\00\04\00\01????????????\09\04?\04\00\04\00\01????????????????????????????'???\13\04?\00\00\04\00\01??????????Z?????\14\04?\03\00\04\00\01????????????????\04\10\00?I\03\00\01????????\0c\04?P\00\04\00\01????????????\0f?\00??\01\00\01\00???????U???5\04?\02\00\04\00\01????????????????????????????????????????\0b\12\00??\01\00\01??????r?????\0a\04?\00\00\04\00\01???????????????pP\08\00?????????????\09\04?0\00\01\00\01u??????????????????4.0.30319.1001\00??????\08\04?\01\00\04\00\01???????WindowsUpdateAgent\00??????5\04?\02\00\04\00\01o???????????????????????????????O???????????????????\09?\00??\03\00\01????????????\0e\16\00??\01\00\01\00???????\00??v2.0.50727\00\00\012???\01???????????????????????\02?\\???e????System,2.0.0.0,,b77a5c561934e089\00\00???\14\02?\00\00\01\00\01I???????????\0c???\0c\02?\00\00\01\00\01\00???????????\01???????\01????X?y?CweepH-4c0GgRbuNkOJdVX0WA,Q7gxikdVf+=tm~DaANrww4CP%Pn2Qc!D7z'S6oPFP4WZ0UMtgPXl\02Servicing_Key\00\00?\0a???\06\04?\08\00\04\00\01/???????\0a\04??\00\04\00\01\00?????\00?????\0b4\00??\01\00\01????????????????????????????\00???\01???????????????????7\04?\02\00\04\00\01E???????????????????????????0???\04\04?\03\00\04\00\019???????\01????\08\00?????\07\04?\01\00\04\00\01????????9\04?P\03\04\00\01-????????????????????????????0??????'?'?'??? ????\00\00??\00\00\00\00????\01\00???G??\00 \00\00@\00Ô\00\02? \00???????????????????'?'?????\01???????\01???\01???\01???\14\02?\00\00\01\00\01\00???????????\15??? ???a\00\00?I\01\00\00\00????\00\00??????\10\00\00\00\00\00\00\00??\08\00???????\0bT\00??\01\00\01\00???????????5\04?\02\00\04\00\013???????????????????????????????\08\04?\00\00\04\00\017???????\01?'????????? 
????\00\00??\00\00\00\00????\01\00?U?G??\00 \00\00\06\00\04\00??\05\00??a\00??10323\00???\08?\00??\01\00\01\00????0?02:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636\\ReleaseType\00n??? Ô\00??\01\00\01.????????????????\08\00?????\01???????\01????\08\00????KB2518870\00??? ???a\00\00??\01\00\00\00????\07\00?L????$\00\00\00\1c\00B\00 ?\02\00???????\0c\04?p\00\04\00\017???????\08???\00?\00??\07\00\00???? ???a\00\00??\00\00\00\00????&\00??????\00\00\00\00(\00\02\00??\12\00???????????????\09\12\00??\01\00\01????????????\01???????\03\04?;\00\01\00\01????????\05\04?\03\00\04\00\01\00??x\00???\08I\00??\03\00\01\00??????\15\00\00\00???\00\00\00\00\00???\00????I???????????????\05\00??\0c\00??a\00\00?\13\00??\00\00??\00\00???\00\00\00???\00\00\00\00\00???\00????\00\00??\00\00\00\00\00\00\00\00\01\00\00\00\00\00\03\00?\00\00\00???\00????\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00??\01\00\01\00\00\00A\00\01\00\00\00\00\00\00\00??? ????\00\00?'\00\00\00\00????\00\00??????\00 \00\00\00\00\00\00\00\00&\00???????????????????\00??? ????\00\00?'\00\00\00\00????\04\00??????\00 \00\00\16\00?\00\00\00&\00???????????????????\00???\04>\00??\01\00\01\00??\00\00??\\Microsoft\\Windows\\RAC\\RacTask\00\00\00\00???\02N\00??\01\00\01\00?\00\00\00\08\00\00\00?????\00\00\00\00\00\00\00\00\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00??? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00I\00\00\00\01\001\00\00\00???\01??1\00???\0eI\00??\01\00\01\00???????\00??c:\\Windows\\assembly\\GAC_64\\Policy.1.0.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Microsoft.Interop.Security.AzRoles.config\00\00\00??????? ????\00\00??\02\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00?\00???????????????????????????????5??? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00\00\00\01\004\00\00\00???\01??????? 
????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00???\01??????? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00l\00\00\00\01\002\00\00\00???\01??2\00???\0el\00??\01\00\01\00???????\00??c:\\Windows\\assembly\\GAC_64\\Policy.1.2.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Policy.1.2.Microsoft.Interop.Security.AzRoles.config\00\00\00\00??????? ????\00\00??\02\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00*\00?????????????????????\00\00\00???\01|??????\01??7\00??????? ????\00\00??\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00\00\00\01\004\00\00\00???\01??????? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\07\00???0???\01??????? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00Ü\00\00\00\01\003\00\00\00???\01??3\00???\0eÜ\00??\01\00\01\00???????\00@?c:\\Windows\\assembly\\GAC_64\\Policy.6.0.Microsoft.Ink\\6.1.0.0__31bf3856ad364e35\\Policy.6.0.Microsoft.Ink.config\00??????? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00*\00?????????????????????\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00\00\00\01\002\00\00\00???\01??2\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\07\00???0???\01??????? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00Ü\00\00\00\01\004\00\00\00???\01??4\00???\0eÜ\00??\01\00\01\00???????\00@?c:\\Windows\\assembly\\GAC_32\\Policy.1.0.Microsoft.Ink\\6.1.0.0__31bf3856ad364e35\\Policy.1.0.Microsoft.Ink.config\00??????? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00\00\00\01\002\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00???\01??????? 
????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00I\00\00\00\01\005\00\00\00???\01??5\00???\0eI\00??\01\00\01\00???????\00??c:\\Windows\\assembly\\GAC_32\\Policy.1.0.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Microsoft.Interop.Security.AzRoles.config\00\00\00??????? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00\00\00\01\002\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00??? ????\00\00??\00\00\00\00????\01\00@??G??\00\00\00\00\1c\00l\00\00\00\01\006\00\00\00???\01??6\00???\0el\00 ?\01\00\01\00???????\00??????? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00*\00?????????????????????\00\00\00???\0eC\00??\01\00\01????????????????????????\01U?2\00??????\00??\00\00\00\00\00\00\00\00\00\00\00??c:\\Windows\\assembly\\GAC_32\\Policy.1.2.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Policy.1.2.Microsoft.Interop.Security.AzRoles.config\00\00\00\00??? ????\00\00H?\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00\00\00\01\002\00\00\00??? ????\00\00U?\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\07\00???0??? ????\00\00|?\00\00\00\00????\01\00???G??\00\00\00\00\1c\00Ü\00\00\00\01\007\00\00\00???\0eÜ\00??\01\00\01\00???????\00@?c:\\Windows\\assembly\\GAC_32\\Policy.1.7.Microsof"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-04  22:54:08
ComboFix-quarantined-files.txt  2013-09-05 03:53
.
Pre-Run: 4,008,722,432 bytes free
Post-Run: 4,057,612,288 bytes free
.
- - End Of File - - 84D548013F1AF52E98AAB45EB2C32495
A36C5E4F47E84449FF07ED3517B43A31

Please save the attached file CFScript.txt to the same location as ComboFix.exe and then close all open programs and drag and drop CFScript.txt onto ComboFix to run it.

Then post back the new log when it's done.

CFScript.txt


After running ComboFix this time, my computer is trying to restart. One of my problems lately is that my computer often can't restart because it's always "Installing Update 1 of 1". Does the malware do that to keep my computer on, so that it can download more files? Sometimes I'll run ARO and I won't have this problem for a day or so. It always comes back.

Anyhow, it's installing an update. Should I manually turn it off? That's what I've been doing, just turning it off.

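Before attributing 3 a.m. wake-ups and the update-on-shutdown to malware, a responder would list what is actually allowed to wake a Windows 7 machine and what auto-starts on it. The script below is an added example written for this thread, not code from the forum, from ComboFix's author, or from any of the posts. It uses only things present on a stock Windows 7 install (the Task Scheduler 2.0 COM API, Get-AuthenticodeSignature, powercfg); the function names are the example's own. It reports and changes nothing, so it is safe to run on the affected machine from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): autostart and wake-source triage for Windows 7.
# Read-only. Run elevated so that powercfg /waketimers and HKLM reads succeed.

# 1. Scheduled tasks that have "Wake the computer to run this task" set.
#    Walks every Task Scheduler folder, hidden tasks included.
function Get-WakeTasks {
    $svc = New-Object -ComObject 'Schedule.Service'
    $svc.Connect()
    $queue = New-Object System.Collections.ArrayList
    [void]$queue.Add($svc.GetFolder('\'))
    $found = @()
    while ($queue.Count -gt 0) {
        $folder = $queue[0]; $queue.RemoveAt(0)
        foreach ($sub in $folder.GetFolders(0)) { [void]$queue.Add($sub) }
        foreach ($task in $folder.GetTasks(1)) {            # 1 = TASK_ENUM_HIDDEN
            if (-not $task.Definition.Settings.WakeToRun) { continue }
            $acts = @()
            foreach ($a in $task.Definition.Actions) {
                if ($a.Type -eq 0) {                            # 0 = TASK_ACTION_EXEC
                    $acts += ($a.Path + ' ' + $a.Arguments).Trim()
                } else {
                    $acts += ('<non-exec action, type ' + $a.Type + '>')
                }
            }
            $found += New-Object PSObject -Property @{
                Path    = $task.Path
                Enabled = $task.Enabled
                NextRun = $task.NextRunTime
                Actions = ($acts -join '; ')
            }
        }
    }
    $found
}

# 2. Legacy .job files in %windir%\Tasks, the kind ComboFix listed under "FILE ::".
function Get-LegacyJobFiles {
    Get-ChildItem -Path (Join-Path $env:windir 'Tasks') -Filter '*.job' -Force |
        Select-Object Name, LastWriteTime, Length
}

# Pull the executable out of a Run-key command line ("quoted path" args / path.exe args).
function Resolve-ExePath([string]$cmd) {
    $cmd = $cmd.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $i = $cmd.ToLower().IndexOf('.exe')
    if ($i -ge 0) { return $cmd.Substring(0, $i + 4) }
    return $cmd.Split(' ')[0]
}

# 3. Run-key entries (64-bit, WOW64 and per-user views) with Authenticode status.
function Get-RunEntrySignatures {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }             # PSPath, PSParentPath, ...
            $exe = Resolve-ExePath ([string]$p.Value)
            $status = 'Missing'; $signer = ''
            if (Test-Path -LiteralPath $exe) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                $status = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            New-Object PSObject -Property @{
                Key = $key; Name = $p.Name; Path = $exe; Signature = $status; Signer = $signer
            }
        }
    }
}

'== Scheduled tasks allowed to wake the machine =='
Get-WakeTasks | Format-Table -AutoSize Path, Enabled, NextRun, Actions
"== Legacy .job files in $env:windir\Tasks =="
Get-LegacyJobFiles | Format-Table -AutoSize
'== Run-key entries and their Authenticode status =='
Get-RunEntrySignatures | Sort-Object Signature | Format-Table -AutoSize Signature, Name, Path, Signer
'== What last woke the machine, and pending wake timers (powercfg) =='
powercfg /lastwake
powercfg /waketimers
```

Read the output as triage, not as a verdict: a NotSigned result on an old OEM utility is common and says nothing by itself, and a task with WakeToRun set may well be a legitimate backup or update job. What deserves a second look is an unsigned executable under a user profile or temp directory that is also launched by a wake-capable task; hash it and look it up before deleting anything.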

ComboFix 13-09-04.04 - Free Bird 09/05/2013   6:59.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2185 [GMT -5:00]
Running from: c:\users\Free Bird\Downloads\ComboFix.exe
Command switches used :: c:\users\Free Bird\Downloads\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vToolbarUpdater15.4.0
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))
.
.
2013-09-05 12:08 . 2013-09-05 12:08    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2013-09-05 12:08 . 2013-09-05 12:08    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-04 17:43 . 2013-09-04 17:43    --------    d-----w-    c:\program files\Paint.NET
2013-09-04 17:43 . 2013-09-04 17:56    --------    d-----w-    c:\users\Free Bird\AppData\Local\Paint.NET
2013-09-04 17:42 . 2013-09-04 17:50    --------    d-----w-    c:\program files (x86)\MyPC Backup
2013-09-04 17:42 . 2013-09-04 17:43    --------    d-----w-    c:\users\Free Bird\AppData\Roaming\SmartPCFix
2013-08-22 18:44 . 2013-08-22 18:44    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-08-20 20:20 . 2013-08-20 20:20    17737608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-20 15:23 . 2013-08-20 15:23    --------    d-----w-    c:\windows\ERUNT
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\users\Free Bird\AppData\Local\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\program files (x86)\AVG SafeGuard toolbar
2013-08-20 15:05 . 2013-08-20 15:05    --------    d--h--w-    c:\programdata\Common Files
2013-08-15 16:14 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-15 16:14 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 22:20 . 2013-08-14 22:20    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-14 01:58 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:58 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:58 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 01:58 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 01:58 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 01:58 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-08 05:46 . 2013-09-05 04:29    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-08 05:46 . 2013-09-05 04:28    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-08 05:46 . 2013-09-05 04:28    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 12:52 . 2013-07-25 02:28    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-08-22 12:51 . 2013-07-25 02:27    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-08-22 12:41 . 2013-07-25 02:27    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-08-20 20:20 . 2012-11-17 15:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 20:20 . 2012-11-17 15:17    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-05 15:45 . 2013-08-05 15:45    98304    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-08-05 15:45 . 2013-08-05 15:45    24576    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-08-05 15:45 . 2013-08-05 15:45    1347584    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-07-25 02:27 . 2013-07-25 02:27    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-09 04:45 . 2013-08-14 01:57    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-06 16:13 . 2013-07-06 16:13    94208    ----a-w-    c:\windows\system32\drivers\lgvzandnetndis64.sys
2013-06-25 08:04 . 2013-06-25 08:04    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-25 08:04 . 2013-06-25 08:04    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-25 08:04 . 2013-06-25 08:04    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-25 08:04 . 2013-06-25 08:04    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-25 08:04 . 2013-06-25 08:04    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-25 08:04 . 2013-06-25 08:04    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-25 08:04 . 2013-06-25 08:04    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-06-25 08:04 . 2013-06-25 08:04    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-06-25 08:04 . 2013-06-25 08:04    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-06-25 08:04 . 2013-06-25 08:04    235008    ----a-w-    c:\windows\system32\url.dll
2013-06-25 08:04 . 2013-06-25 08:04    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-06-25 08:04 . 2013-06-25 08:04    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    149504    ----a-w-    c:\windows\system32\occache.dll
2013-06-25 08:04 . 2013-06-25 08:04    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-06-25 08:04 . 2013-06-25 08:04    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-06-25 08:04 . 2013-06-25 08:04    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-06-25 08:04 . 2013-06-25 08:04    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-25 08:04 . 2013-06-25 08:04    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-06-25 08:03 . 2013-06-25 08:03    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-01 295072]
.
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AllChars.lnk - c:\program files (x86)\AllChars\AllChars.exe [2007-7-25 626688]
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-12 1701136]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-02 20:44    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 20:20]
.
2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000UA.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Save the YouTube video as MP3 - c:\users\Free Bird\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-05 09:48; jid1-RgQXqotzndApjg@jetpack; c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\extensions\jid1-RgQXqotzndApjg@jetpack
FF - ExtSQL: !HIDDEN! 2010-05-19 16:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{D551E02B-7161-C34D-6485-6FB979997236} - c:\progra~3\INSTAL~2\{4FE0A~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\f*]
@=multi:"?\02??????http://www.microsoft.com/\00???\00H\00??\01\00\00????????\06\04?\05\00\04\00\01\00???\00??:RTM.1.1;:#RTM.1.1\00??\0c??NDP40-KB2518870.msp\00?\00???\00z\00??\01\00\00???? ????\00\00?\01\01\00\00\00????\00\00??????\18 \00\00\00\00\00\00?\00\17\00???????????n??? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00?\00\0c\00???????????\01???????\02N\00??\01\00\01??g????{00BB5F5C-4A20-4FD6-8900-4699F989BF01}\00G?????????\05\04?\00\00\04\00\01????????????\08???\008\00??\01\00\00????\01???????\00P\00??\01\00\00????????\01???\01???????????\0f\01?\01\00\03\00\01????????1??????????????????????4.0.30319\00???????????\0d&\00??\01\00\01\00???????????\0e\14\00??\01\00\01U???????t???????\09\04?\00\00\04\00\01\00???????L???????\06\04?\05\00\04\00\01????????\04\10\00??\03\00\01????`???\06\04?\05\00\04\00\01???????? ????\00\00??\00\00\00\00????\01\00???G??\00 \00\00\06\00\04\00??\05\00??????n;1;d:\\4f330366dd525ac60a532998ee8840e1\\\00\00??? ????\00\00??\00\00\00\00????\01\00??????\00 \00\00\18\00@\00\00\00 \00???????????????????\0c@\00??\01\00\01\00??????????????? ???a\00\00?Iz\00\00\00????\00\00??????\10\00\00\00\00\00\00\00\00\00\02\00?\00\00\00???\01?????????\00\00\00\00\00\00\00\00\00\00\00??? ???a\00\00??\01\00\00\00?i??\02\00?g?G??\0a \00\00\1c\00:\00\02\00\0a\00???????????\01???????????\00?\00??\01\00\00?\08\00?????\01???????\06\04?\05\00\04\00\01?????x?? ???a\00\00?I\01\00\00\00?U??\03\00???H??\02\00\00\00\18\00\04\00?gW\00???????????????????????????????????????????????\08\04?\01\00\04\00\01????????\0c\04?\01\00\04\00\01????????????????????\0bx\00??\01\00\01C?????eA\00??? ????\00\00??\00\00\00\00????\08\00??????\00 \00\00\1a\004\00?? \00???????????????????\00.\00??\01\00\00?\08\00?????\06\04?\05\00\04\00\01????`x?? ???a\00\00?I\01\00\00\00????\01\00???H??\02\00\00\00\0c\00\04\00??U\00??????????????????????????????????????????? ??? 
???a\00\00??\01\00\00\00????\00\00??????\0e\00\00\00\00\00\00\00??\07\00???????\04\04?\03\00\04\00\017???????\0a\04?\00\00\04\00\01??????\00?\08???\00H\00??\01\00\00????\06\04?\05\00\04\00\01????????????????????\00P\00??\01\00\00???\07\00?????????\00?\00????????????????????????????????????????????? ?????????? ? ? ? ???????????????? ???????????????? ?????????? ???\00\00\01\00\01\00\01\00\02\00?????????\00?\00????????? ?????????? ? ? ? ???????????????? ???????????????????????????? ??\00\00\00\00\00\00?????????\00?\00??????????? ?????????? ? ? ? ???????????????? ???????????????????????????? ??\00\00\02\00\01\00\04\00\02\00\03\00\06\00?????????\00?\00????????????????????? ?????????? ? ? ? ???????????????? ???????????????? ?????????? ???\00\00\02\00\01\00\04\00\02\00\02\00\05\00?????????\00?\00??????? ?????????? ? ? ? ???????????????? ???????????????????????????? ??\00\00\01\00\01\00\02\00\03\00\02\00?????????\00?\00???????????????? ?????????? ? ? ? ???????????????? ???????????????? ?????????? ???\00\00\02\00\01\00\04\00\01\00\02\00?????????\00?\00??????????????????? ?????????? ? ? ? ???????????????? ???????????????????????????? ??\00\00\03\00\01\00\02\00\04\00\00\00????? ???A\00\00??\00\00\00\00????\0a\00???G??\00 \00\00 \00N\00cr \00???????????????????\09N\00??\01\00\01 ????Dle\00??{C8B8456C-6A12-3725-95A8-1C9FBE1E3141}\00??U???????????????\01?????????'????? ???a\00\00??\01\00\00\00????\02\00?I?G??\0a \00\00\1c\00R\00??\0a\00??????Sy??v2.0.50727\00??????\06\04?\05\00\04\00\01H???H???O?e????6.1\00\00\00??20110616\00???? ????\00\00??\01\00\00\00????\00\00??????\10\00\00\00\00\00\00\00\00\00\08\00??????? W??a\00\00??\01\00\00\00????\00\00??????\06\00\00\00\00\00\00\00\00\00\08\00???????\01???????\00?\00??\01\00\00???????????c:\\Windows\\Installer\\aad5a3.msp\00\01e??? ê\00??\01\00\01???????????????????Microsoft Corporation\00???\08\04?\00\00\04\00\017???????'?'?????\01???????O?e?????\09,\00??\01\00\01????????????\00j\00??\01\00\00???????????? 
???a\00\00??\02\00\00\00????\00\00??????\06\00\00\00\00\00\00\00??\07\00???????\0eR\00??\02\00\01\00???????????\"??????? ???a\00\00??\02\00\00\00????\00\00??????\04\00\00\00\00\00\00\00\00\00\08\00??????? ????\00\00??\01\00\00\00????\00\00???G??\14 \00\00\00\00\00\00?? \00???????????????????\01???????? \00\00\00\00\00\00\00\00\00\00\00??? ????\00\00?\01\02\00\00\00????\00\00??????\10 \00\00\00\00\00\00 ?\03\00?? ???? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00??\07\00??????{EACA24FF-236C-401D-A1E7-B3D5267B8A50}\00ati???\05\04?\03\00\04\00\01s??x=??????0,???\08?\00??\03\00\01u??????\15\00\00\00???\00\00\00\00\00???\00????????????????????\05\00??\0c\00??a\00\00?\13\00??\00\00??8\00??\00\00??\00\00??\07\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00?\00\00\00???\00\00\00\00\00???\00????\00\00??\00\00\00\00\00\00\00\00a\00\00? \00\00\00¨\00\00\00<QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[system[Provider[@Name=Microsoft-Windows-CEIP] and EventID=1007]]</Select></Query></QueryList>\00???\00\00\00\00\00\00\00\00\00\00\00\00?\00\00\00???\00????\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00?\00\00\00??\00\00\00\00\00\00A\00\01\00?\00\00\00?????\01????X?(zx%1vfio6%~Kdl!r37Uj[]_*hKLm4KMgS$%Bi0uM7&8F&'US5+MgonWiCS[p,l'jnphH8z0NI,~n019\02Servicing_Key\00\00?\00??42\00ˆ?????\01??????????????? &\00??\01\00\01b???????????????????\0b(\00??\01\00\01???????????? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00??\08\00???????\02???????????\02N\00??\01\00\01???????{7F9C951C-D364-4B70-8D07-D2C9B7F76E35}\00??????\05\04?\00\00\04\00\01????????\03\04?;\00\01\00\01????????\0e6\00??\02\00\01????????????\03\16\00??\01\00\019????x?? ????\00\00?ý\01\00\00\00????\01\00???I??\06 \00\00\00\00\08\00?iT\00??????????????????????????????????????????\00\00???\0e\01?\01\00\03\00\01\00???????????i??????? ????\00\00?'\00\00\00\00????\00\00??????\00 \00\00\00\00\00\00??&\00??????????????????????? 
????\00\00?'\00\00\00\00????\04\00??????\00 \00\00\16\00C\00??&\00??????????????????? ???\04d\00??\01\00\01???????\\Microsoft\\Windows\\Multimedia\\SystemSoundsService\00??? ????\00\00?\01\01\00\00\00????\00\00??????& \00\00\00\00\00\00??\0a\00??????????? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00\00\00\13\00???????????????\01???????\02N\00??\01\00\01???????{2470470F-2634-478E-B181-571E98A789BB}\00 ?????\05\04?\02\00\04\00\01???x\00??????\0d\00???\08C\00??\03\00\01???????\15\00\00\00???\00\00\00\00\00???\00????????????????????\04\00??\10\00???\00\00? \00?\00\00\00??8\00??\00\00??\00\00??\07\00\00\00\00\00\00\00\00\00\00\00\00\00up\00\00\00\00?\00\00\00???\00\00\00\00\00???\00????\00\00??\00\00\00\00\00\00\00\00\01\00\00\00\00\00\03\00????? ???\01??????? ????\00\00?g\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00??\0f\00???????y???\03?g???I????????????? ???A\00\00??\1a\00\00\00????\06\00???G???\00\00\00*\00\08\00? \07\00???????\01???????\09\04???\03\00\01???????? ??? ????\00\00??\02\00\00\00?I??\00\00???G??\02\00\00\00\00\00\00\00\00\01?\00???????????????????????????????`??????????? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00??\01\00??????REG_SZ???\01???????\02??2\00??4\00??? ???a\00\00?\12\00\00\00\00????\01\00?\11?G??\00\00\00\00\"\00\08\00 ?\09\00??????????{3605B612-C3CF-4ab4-A426-2D853391DB2E}\00??????\12?\00 ?\03\00\01???????????????? ???a\00\00??\06\00\00\00????\00\00???G?? 
\00\00\00\00\00\00\00\00\00\07\00???g???\05??????????????O????????????????\0d\12\00?I\01\00\01????????????\09\04?\01\00\04\00\01????????????\0a\04?\01\00\04\00\01????????????\10\04?\01\00\04\00\01????????????\09\04?\04\00\04\00\01????????????????????????????'???\13\04?\00\00\04\00\01??????????Z?????\14\04?\03\00\04\00\01????????????????\04\10\00?I\03\00\01????????\0c\04?P\00\04\00\01????????????\0f?\00??\01\00\01\00???????U???5\04?\02\00\04\00\01????????????????????????????????????????\0b\12\00??\01\00\01??????r?????\0a\04?\00\00\04\00\01???????????????pP\08\00?????????????\09\04?0\00\01\00\01u??????????????????4.0.30319.1001\00??????\08\04?\01\00\04\00\01???????WindowsUpdateAgent\00??????5\04?\02\00\04\00\01o???????????????????????????????O???????????????????\09?\00??\03\00\01????????????\0e\16\00??\01\00\01\00???????\00??v2.0.50727\00\00\012???\01???????????????????????\02?\\???e????System,2.0.0.0,,b77a5c561934e089\00\00???\14\02?\00\00\01\00\01I???????????\0c???\0c\02?\00\00\01\00\01\00???????????\01???????\01????X?y?CweepH-4c0GgRbuNkOJdVX0WA,Q7gxikdVf+=tm~DaANrww4CP%Pn2Qc!D7z'S6oPFP4WZ0UMtgPXl\02Servicing_Key\00\00?\0a???\06\04?\08\00\04\00\01/???????\0a\04??\00\04\00\01\00?????\00?????\0b4\00??\01\00\01????????????????????????????\00???\01???????????????????7\04?\02\00\04\00\01E???????????????????????????0???\04\04?\03\00\04\00\019???????\01????\08\00?????\07\04?\01\00\04\00\01????????9\04?P\03\04\00\01-????????????????????????????0??????'?'?'??? ????\00\00??\00\00\00\00????\01\00???G??\00 \00\00@\00Ô\00\02? \00???????????????????'?'?????\01???????\01???\01???\01???\14\02?\00\00\01\00\01\00???????????\15??? ???a\00\00?I\01\00\00\00????\00\00??????\10\00\00\00\00\00\00\00??\08\00???????\0bT\00??\01\00\01\00???????????5\04?\02\00\04\00\013???????????????????????????????\08\04?\00\00\04\00\017???????\01?'????????? 
????\00\00??\00\00\00\00????\01\00?U?G??\00 \00\00\06\00\04\00??\05\00??a\00??10323\00???\08?\00??\01\00\01\00????0?02:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636\\ReleaseType\00n??? Ô\00??\01\00\01.????????????????\08\00?????\01???????\01????\08\00????KB2518870\00??? ???a\00\00??\01\00\00\00????\07\00?L????$\00\00\00\1c\00B\00 ?\02\00???????\0c\04?p\00\04\00\017???????\08???\00?\00??\07\00\00???? ???a\00\00??\00\00\00\00????&\00??????\00\00\00\00(\00\02\00??\12\00???????????????\09\12\00??\01\00\01????????????\01???????\03\04?;\00\01\00\01????????\05\04?\03\00\04\00\01\00??x\00???\08I\00??\03\00\01\00??????\15\00\00\00???\00\00\00\00\00???\00????I???????????????\05\00??\0c\00??a\00\00?\13\00??\00\00??\00\00???\00\00\00???\00\00\00\00\00???\00????\00\00??\00\00\00\00\00\00\00\00\01\00\00\00\00\00\03\00?\00\00\00???\00????\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00??\01\00\01\00\00\00A\00\01\00\00\00\00\00\00\00??? ????\00\00?'\00\00\00\00????\00\00??????\00 \00\00\00\00\00\00\00\00&\00???????????????????\00??? ????\00\00?'\00\00\00\00????\04\00??????\00 \00\00\16\00?\00\00\00&\00???????????????????\00???\04>\00??\01\00\01\00??\00\00??\\Microsoft\\Windows\\RAC\\RacTask\00\00\00\00???\02N\00??\01\00\01\00?\00\00\00\08\00\00\00?????\00\00\00\00\00\00\00\00\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00??? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00I\00\00\00\01\001\00\00\00???\01??1\00???\0eI\00??\01\00\01\00???????\00??c:\\Windows\\assembly\\GAC_64\\Policy.1.0.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Microsoft.Interop.Security.AzRoles.config\00\00\00??????? ????\00\00??\02\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00?\00???????????????????????????????5??? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00\00\00\01\004\00\00\00???\01??????? 
????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00???\01??????? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00l\00\00\00\01\002\00\00\00???\01??2\00???\0el\00??\01\00\01\00???????\00??c:\\Windows\\assembly\\GAC_64\\Policy.1.2.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Policy.1.2.Microsoft.Interop.Security.AzRoles.config\00\00\00\00??????? ????\00\00??\02\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00*\00?????????????????????\00\00\00???\01|??????\01??7\00??????? ????\00\00??\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00\00\00\01\004\00\00\00???\01??????? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\07\00???0???\01??????? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00Ü\00\00\00\01\003\00\00\00???\01??3\00???\0eÜ\00??\01\00\01\00???????\00@?c:\\Windows\\assembly\\GAC_64\\Policy.6.0.Microsoft.Ink\\6.1.0.0__31bf3856ad364e35\\Policy.6.0.Microsoft.Ink.config\00??????? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00*\00?????????????????????\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00\00\00\01\002\00\00\00???\01??2\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\07\00???0???\01??????? ????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00Ü\00\00\00\01\004\00\00\00???\01??4\00???\0eÜ\00??\01\00\01\00???????\00@?c:\\Windows\\assembly\\GAC_32\\Policy.1.0.Microsoft.Ink\\6.1.0.0__31bf3856ad364e35\\Policy.1.0.Microsoft.Ink.config\00??????? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00\00\00\01\002\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00???\01??????? 
????\00\00??\00\00\00\00????\01\00???G??\00\00\00\00\1c\00I\00\00\00\01\005\00\00\00???\01??5\00???\0eI\00??\01\00\01\00???????\00??c:\\Windows\\assembly\\GAC_32\\Policy.1.0.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Microsoft.Interop.Security.AzRoles.config\00\00\00??????? ????\00\00??\01\00\00\00????\00\00???G??\1c\00\00\00\00\00\00\00\00\00\01\002\00\00\00??? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\0e\00???????\00??? ????\00\00??\00\00\00\00????\01\00@??G??\00\00\00\00\1c\00l\00\00\00\01\006\00\00\00???\01??6\00???\0el\00 ?\01\00\01\00???????\00??????? ????\00\00??\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00*\00?????????????????????\00\00\00???\0eC\00??\01\00\01????????????????????????\01U?2\00??????\00??\00\00\00\00\00\00\00\00\00\00\00??c:\\Windows\\assembly\\GAC_32\\Policy.1.2.Microsoft.Interop.Security.AzRoles\\6.1.7600.16385__31bf3856ad364e35\\Policy.1.2.Microsoft.Interop.Security.AzRoles.config\00\00\00\00??? ????\00\00H?\01\00\00\00????\00\00???G??\0e\00\00\00\00\00\00\00\00\00\01\002\00\00\00??? ????\00\00U?\01\00\00\00????\00\00???G??\02\00\00\00\00\00\00\00\00\00\07\00???0??? ????\00\00|?\00\00\00\00????\01\00???G??\00\00\00\00\1c\00Ü\00\00\00\01\007\00\00\00???\0eÜ\00??\01\00\01\00???????\00@?c:\\Windows\\assembly\\GAC_32\\Policy.1.7.Microsof"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2013-09-05  09:17:20 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-05 14:17
ComboFix2.txt  2013-09-05 03:56
.
Pre-Run: 4,060,160,000 bytes free
Post-Run: 3,795,431,424 bytes free
.
- - End Of File - - 99CCE788C8A84312062497157A468A0F
A36C5E4F47E84449FF07ED3517B43A31

I see things in the log that look like they're related to Flash Player. I've had problems with Flash almost since I've had this computer. I don't know if that matters or not, just thought I'd mention it.


Can you please start REGEDIT.EXE and then browse to this key, then right click and choose EXPORT.

In the Save-As type please choose Registry Hive Files *.* and save it as HKLM_UserData.TXT.

 

HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData

 

Then attach it to your next reply.   It's not really a text file but we want the board to allow it to be uploaded so use the "More Reply Options" button and choose to attach it when ready.

 

Thanks


Okay this fix is going to be a bit more involved. 

 

I need you to do the following please.

 

STEP 1

Make a new ERUNT Registry Backup.

 

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 2

Create a new System Restore Point

How to Create a System Restore Point in Windows 7

 

 

STEP 3

Now open REGEDIT.EXE and browse to the following location.

 

HKEY_LOCAL_MACHINE\_Kodiak\S-1-5-18\Components

 

Then if you highlight any key just below that, you can press the F key on the keyboard and it will automatically walk down to the keys starting with the letter F.

 

 

Then scroll all the way down to the bottom entry of the Components section and you'll notice there are 2 strangely named characters there that look like they are in another language.

 

I want you to highlight each one and delete it.  Then reboot the computer and run Combofix again and post back the new log.

 

If you look in the current log from your last Combofix run you'll see an entry that starts like this below and I believe it is due to those 2 bad entries in the Registry.

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\f*]

@=multi:"?\02??????http://www.microsoft.com/\00???\00H\00??\01\00\00????????\06\04?\05\00\04\00\01\00???\00??:RTM.1.1;:#RTM.1.1\00??\0c??NDP40-KB2518870.msp\00?\00???\00z\00??\01\00\00???? ????\00\00?\01\01\00\00\00????\00\00??????\18 \00\00\00\00\00\00?\00\17\00???????????n??? ????\00\00??\00\00\00\00????\02\00??????\00 \00\00\0a\00N\00?\00\0c\00???????????\01???????\02N\00??\01\00\01??g????{00BB5F5C-4A20-4FD6-8900-4699F989BF01}\00G?????????\05\04?\00\00\04\00\01????????????\08???\008\00??\01\00\00????\01???????\00P\00??\01\00\00????????

 

 

If you have any questions please let me know.

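The two instructions above (export the Installer UserData hive as a backup, then look through the Components subkeys for oddly named entries) can be done from an elevated PowerShell prompt instead of clicking through regedit. The script below is an added example written for this thread, not something the helper or the user posted. It assumes the live location of what the ComboFix log shows as UserData\LocalSystem\Components is HKLM\...\Installer\UserData\S-1-5-18\Components (Windows Installer stores per-SID component data there, and S-1-5-18 is the LocalSystem SID), that component subkeys normally have 32-hex-character "squished GUID" names, and that the backup file path is a constructed choice. It only reports; it deletes nothing.

```powershell
# Added example for this thread (not code from the original posts).
# Back up the Installer UserData key as a registry hive file, then list
# Components subkeys whose names do not look like the usual 32-hex-digit
# squished GUIDs. Run from an elevated PowerShell prompt on Windows 7+.

# reg.exe wants the HKLM\ form; the PowerShell provider wants the HKLM:\ drive form.
$UserDataRegPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData'
$ComponentsPsPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components'

# Constructed backup location; change to taste. Same binary hive format regedit's
# "Registry Hive Files" save-as type produces.
$BackupPath = Join-Path $env:USERPROFILE 'Desktop\HKLM_UserData_backup.hiv'

# Step 1: take the backup first and stop if it fails; never inspect/edit without one.
& reg.exe save $UserDataRegPath $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Registry backup failed (reg.exe exit code $LASTEXITCODE); stopping."
}
Write-Host "Hive backup written to $BackupPath"

# Step 2: enumerate Components subkeys and flag names outside the expected pattern.
# Windows Installer names these keys with 32 uppercase hex characters.
$ExpectedName = '^[0-9A-F]{32}$'

$Suspect = Get-ChildItem -Path $ComponentsPsPath -ErrorAction Stop |
    Where-Object { $_.PSChildName -notmatch $ExpectedName }

if (-not $Suspect) {
    Write-Host 'All Components subkey names match the expected 32-hex-character form.'
    return
}

foreach ($Key in $Suspect) {
    # Render the name as Unicode code points so non-Latin or non-printable
    # characters (the "other language" names mentioned above) are unambiguous.
    $CodePoints = ($Key.PSChildName.ToCharArray() |
        ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '

    [pscustomobject]@{
        Name       = $Key.PSChildName
        CodePoints = $CodePoints
        ValueCount = $Key.ValueCount
        FullPath   = $Key.Name
    }
}
```

Review the reported entries against the regedit view before removing anything; if a removal goes wrong, the hive file written in the first step can be restored with reg.exe restore or through regedit's Import.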

Question: I have so many things stored in my D drive. Do I need to turn on system protection for my D drive? Am I in any danger of losing files there? Or can I leave the protection off?


System Restore is not a backup and only monitors certain files.  If you're not already backing up your files to an external USB drive or some sort of online backup then I would highly suggest that you do start backing up to an external drive.  Do not keep the drive connected all the time though, only while backing up. If the computer were to get infected with the backup drive connected then that data could very easily be compromised as well.  Never connect the backup drive to the computer if you think it may be infected, get it cleaned first.

 

Let me know once you've fixed that Registry entry please.


OK, I deleted the two keys with the strange alphabet names. Now I'm going to do the combo fix. Question - all of those F, FF, and FFF keys - is that where I'm losing space on my hard drive? Are those the folders that are being saved automatically in my C drive? You didn't tell me to delete them, so I've left everything alone, other than the two keys that were down at the bottom of the list.

 

Thanks.


Looks better!

 

ComboFix 13-09-06.01 - Free Bird 09/06/2013  23:12:59.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2601 [GMT -5:00]
Running from: c:\users\Free Bird\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-07 to 2013-09-07  )))))))))))))))))))))))))))))))
.
.
2013-09-07 04:25 . 2013-09-07 04:25    --------    d-----w-    c:\users\TEMP\AppData\Local\temp
2013-09-07 04:25 . 2013-09-07 04:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-06 14:17 . 2013-09-06 14:17    --------    d-----w-    c:\program files (x86)\ERUNT
2013-09-04 17:43 . 2013-09-04 17:43    --------    d-----w-    c:\program files\Paint.NET
2013-09-04 17:43 . 2013-09-04 17:56    --------    d-----w-    c:\users\Free Bird\AppData\Local\Paint.NET
2013-09-04 17:42 . 2013-09-04 17:50    --------    d-----w-    c:\program files (x86)\MyPC Backup
2013-09-04 17:42 . 2013-09-04 17:43    --------    d-----w-    c:\users\Free Bird\AppData\Roaming\SmartPCFix
2013-08-22 18:44 . 2013-08-22 18:44    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-08-20 20:20 . 2013-08-20 20:20    17737608    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-20 15:23 . 2013-08-20 15:23    --------    d-----w-    c:\windows\ERUNT
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\users\Free Bird\AppData\Local\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:05    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-08-20 15:06 . 2013-08-20 15:06    --------    d-----w-    c:\program files (x86)\AVG SafeGuard toolbar
2013-08-20 15:05 . 2013-08-20 15:05    --------    d--h--w-    c:\programdata\Common Files
2013-08-15 16:14 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-15 16:14 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 22:20 . 2013-08-14 22:20    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-08-14 01:58 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 01:58 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 01:58 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 01:58 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 01:58 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 01:58 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 01:58 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-08 05:46 . 2013-09-05 04:29    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-08-08 05:46 . 2013-09-05 04:28    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-08-08 05:46 . 2013-09-05 04:28    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 12:52 . 2013-07-25 02:28    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-08-22 12:51 . 2013-07-25 02:27    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-08-22 12:41 . 2013-07-25 02:27    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-08-20 20:20 . 2012-11-17 15:17    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 20:20 . 2012-11-17 15:17    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-05 15:45 . 2013-08-05 15:45    98304    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-08-05 15:45 . 2013-08-05 15:45    24576    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-08-05 15:45 . 2013-08-05 15:45    1347584    ----a-w-    c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-07-25 02:27 . 2013-07-25 02:27    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-07-09 04:45 . 2013-08-14 01:57    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-06 16:13 . 2013-07-06 16:13    94208    ----a-w-    c:\windows\system32\drivers\lgvzandnetndis64.sys
2013-06-25 08:04 . 2013-06-25 08:04    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-25 08:04 . 2013-06-25 08:04    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-25 08:04 . 2013-06-25 08:04    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-25 08:04 . 2013-06-25 08:04    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-25 08:04 . 2013-06-25 08:04    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-25 08:04 . 2013-06-25 08:04    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-25 08:04 . 2013-06-25 08:04    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-25 08:04 . 2013-06-25 08:04    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-25 08:04 . 2013-06-25 08:04    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-25 08:04 . 2013-06-25 08:04    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-25 08:04 . 2013-06-25 08:04    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-25 08:04 . 2013-06-25 08:04    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-25 08:04 . 2013-06-25 08:04    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-06-25 08:04 . 2013-06-25 08:04    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-06-25 08:04 . 2013-06-25 08:04    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-06-25 08:04 . 2013-06-25 08:04    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-06-25 08:04 . 2013-06-25 08:04    235008    ----a-w-    c:\windows\system32\url.dll
2013-06-25 08:04 . 2013-06-25 08:04    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-06-25 08:04 . 2013-06-25 08:04    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-06-25 08:04 . 2013-06-25 08:04    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-25 08:04 . 2013-06-25 08:04    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-06-25 08:04 . 2013-06-25 08:04    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-06-25 08:04 . 2013-06-25 08:04    149504    ----a-w-    c:\windows\system32\occache.dll
2013-06-25 08:04 . 2013-06-25 08:04    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-06-25 08:04 . 2013-06-25 08:04    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-06-25 08:04 . 2013-06-25 08:04    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-06-25 08:04 . 2013-06-25 08:04    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-06-25 08:04 . 2013-06-25 08:04    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-06-25 08:04 . 2013-06-25 08:04    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-06-25 08:04 . 2013-06-25 08:04    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-06-25 08:04 . 2013-06-25 08:04    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-06-25 08:04 . 2013-06-25 08:04    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-25 08:04 . 2013-06-25 08:04    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 08:03 . 2013-06-25 08:03    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-06-25 08:03 . 2013-06-25 08:03    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-06-25 08:03 . 2013-06-25 08:03    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 08:03 . 2013-06-25 08:03    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 08:03 . 2013-06-25 08:03    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-25 08:03 . 2013-06-25 08:03    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-06-25 08:03 . 2013-06-25 08:03    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-25 08:03 . 2013-06-25 08:03    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-06-25 08:03 . 2013-06-25 08:03    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-06-25 08:03 . 2013-06-25 08:03    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-06-25 08:03 . 2013-06-25 08:03    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-01 295072]
.
c:\users\Free Bird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AllChars.lnk - c:\program files (x86)\AllChars\AllChars.exe [2007-7-25 626688]
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-5-12 1701136]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 19:43    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 20:20]
.
2013-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000Core.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2374328083-628559870-3858990220-1000UA.job
- c:\users\Free Bird\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-06 13:40]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Save the YouTube video as MP3 - c:\users\Free Bird\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-05 09:48; jid1-RgQXqotzndApjg@jetpack; c:\users\Free Bird\AppData\Roaming\Mozilla\Firefox\Profiles\eciapt2f.default\extensions\jid1-RgQXqotzndApjg@jetpack
FF - ExtSQL: !HIDDEN! 2010-05-19 16:30; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{D551E02B-7161-C34D-6485-6FB979997236} - c:\progra~3\INSTAL~2\{4FE0A~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-07  00:03:54
ComboFix-quarantined-files.txt  2013-09-07 05:03
ComboFix2.txt  2013-09-05 14:17
ComboFix3.txt  2013-09-05 03:56
.
Pre-Run: 3,662,528,512 bytes free
Post-Run: 3,618,914,304 bytes free
.
- - End Of File - - 313545FE2C9348D0DC03744C701F15AD
A36C5E4F47E84449FF07ED3517B43A31

Great, okay, let's run another antivirus scan.

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\$RECYCLE.BIN\S-1-5-21-2374328083-628559870-3858990220-1000\$RNJR638.exe    a variant of Win32/Soft32Downloader.D application
C:\Users\Free Bird\Downloads\paint net setup.exe    a variant of Win32/Soft32Downloader.D application

I haven't had a chance to use my computer for a couple of days, so I'll see if it's better.

 

Do you know how I can find the files that were downloaded into my C drive and delete them so that I can have more space?

 

Thanks.


Also, out of curiosity, why not delete this one too? I notice that this is in my C drive, but I also have a folder in my D drive that appeared called "$RECYCLE.BIN" that showed up right around the same time that other recent problems showed up:

 

C:\$RECYCLE.BIN\S-1-5-21-2374328083-628559870-3858990220-1000\$RNJR638.exe    a variant of Win32/Soft32Downloader.D application

 

Also, I have a program folder called "ffshow". What is that?


If it will let you, you can delete it.

 

ffdshow is a DirectShow and VFW codec for decoding/encoding many video and audio formats, including DivX and XviD movies.

 

 

How is the computer running otherwise?

Are there still any signs of an infection or can we look at closing up here?


It's running fine. I'm still getting the automatic turn-on and download at 3 am, but I'm guessing that's a general PC issue? And the Windows Update keeping the computer from shutting down, also a general PC question?

 

Thank you, Ron. Do you have a PayPal account?
