Jump to content

Spiderman infected, needs help


Recommended Posts

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.25.2
Run by jaypedersen at 8:05:45 on 2013-11-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6142.3389 [GMT -6:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
C:\Windows\pixtran\fujitsu\FiWiaChecker.exe
C:\Windows\twain_32\fjscan32\FjtwMkup.exe
C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Wondershare Player 1.6.0: {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Akamai NetSession Interface] "C:\Users\jaypedersen\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FtLnSOP_setup] C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
mRun: [“FjISIS WIA Service Checker] C:\Windows\pixtran\fujitsu\FiWiaChecker.exe
mRun: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe /Station
mRun: [FTPWRENV] C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
mRun: [FiWIA Service Checker] C:\Windows\Twain_32\Fjscan32\FiWiaChecker.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [DelaypluginInstall] C:\ProgramData\Wondershare\Player\DelayPluginI.exe
StartupFolder: C:\Users\JAYPED~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jaypedersen\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ERRORR~1.LNK - C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{D510A374-27FE-43CC-88F2-28A4FD141C55} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - <orphaned>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jaypedersen\AppData\Roaming\Mozilla\Firefox\Profiles\ftnjlbpg.default\
FF - prefs.js: keyword.URL - 
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Users\jaypedersen\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-10-01 08:15; Player@Wondershare.com; C:\ProgramData\Wondershare\Player\Player@Wondershare.com
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 Emc.Captiva.WebCaptureService;EMC Captiva Cloud Service;C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [2012-4-4 39936]
R2 FJTWMKSV;FJTWMKSV;C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [2012-11-6 36864]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-9 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-9 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-5 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-5 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-5 168384]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-5-31 245760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-9 25928]
R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2013-10-27 125640]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-5 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-5 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\sublime_text.exe="C:\Program Files\Sublime Text 2\sublime_text.exe" "%1" [userChoice]
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-11-05 05:53:31 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72EFDFD2-6FA9-4805-BEB6-A2E7AA605275}\mpengine.dll
2013-10-29 23:56:54 -------- d-----w- C:\Users\jaypedersen\AppData\Roaming\LavasoftStatistics
2013-10-29 15:23:14 -------- d-----w- C:\Program Files\Lavasoft
2013-10-29 15:22:00 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-10-28 01:54:10 -------- d-----w- C:\Users\jaypedersen\AppData\Roaming\TotalRecorder
2013-10-28 01:53:11 125640 ----a-w- C:\Windows\System32\drivers\TotRec8.sys
2013-10-28 01:53:11 -------- d-----w- C:\Program Files (x86)\HighCriteria
2013-10-28 01:48:01 -------- d-----w- C:\Users\jaypedersen\AppData\Roaming\streamWriter
2013-10-28 01:23:54 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2013-10-21 22:53:16 10763264 ----a-r- C:\Users\jaypedersen\AppData\Roaming\Microsoft\Installer\{4389108C-631E-4C85-851C-F3B5CCE080F8}\miniAudicle.exe
2013-10-21 22:53:15 -------- d-----w- C:\Program Files (x86)\ChucK
2013-10-10 16:46:10 -------- d-----w- C:\Program Files (x86)\Quassel
2013-10-09 22:14:56 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 15:36:55 -------- d-----w- C:\Program Files (x86)\Audacity
2013-10-08 05:39:58 -------- d-----w- C:\Users\jaypedersen\AppData\Roaming\LibreOffice
2013-10-08 05:39:10 -------- d-----w- C:\Program Files (x86)\LibreOffice 4
.
==================== Find3M  ====================
.
2013-09-30 14:08:56 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-09-30 14:08:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 19:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH:  8:06:12.97 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2012 3:45:43 PM
System Uptime: 11/6/2013 7:01:38 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0FM586
Processor: Intel® Core2 Quad  CPU   Q9300  @ 2.50GHz | Socket 775 | 2498/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 211 GiB total, 120.227 GiB free.
D: is FIXED (NTFS) - 23 GiB total, 3.912 GiB free.
E: is FIXED (NTFS) - 39 GiB total, 20.933 GiB free.
F: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable
T: is FIXED (NTFS) - 466 GiB total, 373.929 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP166: 10/21/2013 5:52:51 PM - Installed ChucK
RP167: 10/22/2013 9:28:22 AM - Windows Update
RP168: 10/29/2013 10:21:21 AM - AA11
RP169: 10/29/2013 5:24:25 PM - Windows Update
RP170: 11/1/2013 7:43:48 PM - Windows Update
RP171: 11/2/2013 9:31:03 AM - Removed JMP
RP172: 11/2/2013 9:32:16 AM - Removed Secure Download Manager
RP173: 11/4/2013 11:53:16 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Digital Editions 2.0
Adobe Reader XI (11.0.05)
Adobe Setup
Adobe Update Manager CS4
Amazon Kindle
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AntimalwareEngine
Audacity 2.0.4
calibre
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
ChucK
Cygwin Bash Prompt Here
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox
EarSketch version 0.51
Extended Asian Language font pack for Adobe Reader XI
FileMenu Tools
Fujitsu ScandAll PRO V1.8.1 Update6
FUJITSU Scanner USB HotFix
Google Chrome
Google Drive
Google Update Helper
GPL Ghostscript
Groovy-2.1.1
HL-2240D
HPDiagnosticAlert
IBM SPSS Statistics 20
ImageMagick 6.8.1-10 Q16 (32-bit) (2013-01-15)
ISIS Driver Bundle Installer for fi Series Scanners
Java 7 Update 25
Java Auto Updater
Java SE Development Kit 7 Update 15
JRuby 1.7.3
LAME v3.99.3 (for Windows)
LibreOffice 4.1.2.3
LyX 2.0.5.1
Malwarebytes Anti-Malware version 1.75.0.1300
Mathematica Extras 9.0 (4055459)
Mendeley Desktop 1.8.4
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MiKTeX 2.9
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicnotes Software Suite 1.7.2
Opera Stable 16.0.1196.80
Python 2.7.5 (64-bit)
Quassel (remove only)
R for Windows 2.15.2
RailsInstaller 2.1.0
REAPER (x64)
RStudio
Scanner Utility for Microsoft Windows V09L21
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Sibelius 6.2.0.88
Snagit 11
Software Operation Panel
Speccy
Spybot - Search & Destroy
Sublime Text 2.0.2
swMSM
Texmaker
Total Recorder 8.5 Standard Edition
TreePad Business Edition 8.0
UltraCompare
UltraEdit
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
VanDyke Software SecureCRT 7.1
WinRAR 4.20 (64-bit)
WinSCP 5.1.4
Wolfram CDF Player (M-WIN-D 9.0.0 3942419)
Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652)
Wondershare Player(Build 1.6.0)
xplorer² professional 64 bit
.
==== Event Viewer Messages From Past Week ========
.
11/4/2013 10:48:08 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk6\DR6.
11/2/2013 8:27:49 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
11/1/2013 11:44:51 PM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : jaypedersen [Admin rights]

Mode : Scan -- Date : 11/06/2013 08:26:33

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 3 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : DelaypluginInstall (C:\ProgramData\Wondershare\Player\DelayPluginI.exe [7]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3000GLFS-01F8U0 ATA Device +++++

--- User ---

[MBR] 0a21492c8461ef4e0279679af596db08

[bSP] f40c51ba9319387b7e4b18632845ffee : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 215557 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 454334464 | Size: 23999 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 503486464 | Size: 40323 Mo

3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 441464830 | Size: 6284 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST500DM002-1BD142 ATA Device +++++

--- User ---

[MBR] 105661f45e5a2aadae4926f9002fda09

[bSP] ac4843ca24e5b3565e16d014576258d6 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_11062013_082633.txt >>
Link to post
Share on other sites

Welcome to the forum, what seems to be the problem???

Did you install this program????

BHO: Wondershare Player 1.6.0: {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll
mRun: [DelaypluginInstall] C:\ProgramData\Wondershare\Player\DelayPluginI.exe


Let me know....MrC

Link to post
Share on other sites

OK...lets run some scans.

First:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

Note: I think that the infection occured about a week ago after downloading a freeware sound recorder program,

which I de-installed shortly afterwards because it was low quality and not useful.  So, I think

it was some bundled thing with that 'freeware'.  (freeware with malware attached).

 

-Spidey

Link to post
Share on other sites


Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

 

Database version: v2013.11.06.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

jaypedersen :: JAYPEDERSEN-PC [administrator]

 

11/6/2013 11:24:39 AM

mbar-log-2013-11-06 (11-24-39).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 222135

Time elapsed: 6 minute(s), 32 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 


---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16721

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, T:\ DRIVE_FIXED

CPU speed: 2.493000 GHz

Memory total: 6440538112, free: 3820695552

 

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16721

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, T:\ DRIVE_FIXED

CPU speed: 2.493000 GHz

Memory total: 6440538112, free: 3834716160

 

Downloaded database version: v2013.11.06.07

Downloaded database version: v2013.10.11.02

=======================================

Initializing...

------------ Kernel report ------------

     11/06/2013 11:24:34

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\e1e6032e.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\VSTBS26.SYS

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\VSTDPV6.SYS

\SystemRoot\system32\DRIVERS\VSTCNXT6.SYS

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\??\C:\Windows\system32\drivers\TotRec8.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\hidusb.sys

\SystemRoot\system32\drivers\HIDCLASS.SYS

\SystemRoot\system32\drivers\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\drivers\usbscan.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\system32\DRIVERS\Trufos.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\System32\ATMFD.DLL

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa8006cfa790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000071\

Lower Device Object: 0xfffffa8006c72b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8006ced790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000070\

Lower Device Object: 0xfffffa8006c70b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa8006cec790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000006f\

Lower Device Object: 0xfffffa8006c66b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8006c6e790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000006e\

Lower Device Object: 0xfffffa8006c5eb60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8006253060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\

Lower Device Object: 0xfffffa8005fc7060

Lower Device Driver Name: \Driver\atapi\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8006252060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa8005fb7060

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8006252060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006252b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006252060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005fb5580, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8005fb7060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 33DCA092

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048  Numsec = 441461794

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 454334464  Numsec = 49149952

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 503486464  Numsec = 82581504

 

    Partition 3 type is Extended with CSH (0x5)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 441464830  Numsec = 12869634

 

Disk Size: 300069052416 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-586052368-586072368)...

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8006253060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006253b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006253060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005fc7060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 635FB22D

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048  Numsec = 976766976

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 500107862016 bytes

Sector size: 512 bytes

 

Done!

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8006c6e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006cec040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c6e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006c5eb60, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa8006cec790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006ced040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006cec790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006c66b60, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8006ced790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006cfa040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006ced790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006c70b60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa8006cfa790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006cee040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006cfa790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006c72b60, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\

------------ End ----------

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...

Removal finished
Link to post
Share on other sites

OK...Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

First, thanks for the assistance!  It is much appreciated.  I will donate, whatever happens.  Anyway, results of combofix:

 

ComboFix 13-11-04.01 - jaypedersen 11/06/2013  12:41:47.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6142.3930 [GMT -6:00]
Running from: c:\users\jaypedersen\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\_ctypes.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\_elementtree.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\_hashlib.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\_multiprocessing.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\_socket.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\_ssl.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\msvcp100.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\msvcr100.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\pyexpat.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\pysqlite2._sqlite.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\python27.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\pythoncom27.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\PyWinTypes27.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\select.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\unicodedata.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32api.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32com.shell.shell.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32crypt.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32event.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32file.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32inet.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32pdh.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32process.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32profile.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32security.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\win32ts.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\windows._cacheinvalidation.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wx._controls_.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wx._core_.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wx._gdi_.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wx._html2.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wx._misc_.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wx._windows_.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wx._wizard.pyd
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wxbase294u_net_vc90.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wxbase294u_vc90.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wxmsw294u_adv_vc90.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wxmsw294u_core_vc90.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wxmsw294u_html_vc90.dll
c:\users\JAYPED~1\AppData\Local\Temp\_MEI53362\wxmsw294u_webview_vc90.dll
c:\users\jaypedersen\AppData\Local\assembly\tmp
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\_ctypes.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\_elementtree.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\_hashlib.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\_multiprocessing.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\_socket.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\_ssl.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\msvcp100.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\msvcr100.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\pyexpat.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\pysqlite2._sqlite.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\python27.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\pythoncom27.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\PyWinTypes27.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\select.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\unicodedata.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32api.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32com.shell.shell.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32crypt.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32event.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32file.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32inet.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32pdh.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32process.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32profile.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32security.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\win32ts.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\windows._cacheinvalidation.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wx._controls_.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wx._core_.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wx._gdi_.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wx._html2.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wx._misc_.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wx._windows_.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wx._wizard.pyd
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wxbase294u_net_vc90.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wxbase294u_vc90.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wxmsw294u_adv_vc90.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wxmsw294u_core_vc90.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wxmsw294u_html_vc90.dll
c:\users\jaypedersen\AppData\Local\Temp\_MEI53362\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06  )))))))))))))))))))))))))))))))
.
.
2013-11-06 18:46 . 2013-11-06 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-06 18:39 . 2013-11-06 18:39 -------- d-----w- c:\users\jaypedersen\AppData\Local\BrowserSafeguard
2013-11-06 18:30 . 2013-11-06 18:30 -------- d-----w- c:\program files (x86)\Browsersafeguard
2013-11-06 18:30 . 2013-11-06 18:30 -------- d-----w- c:\program files (x86)\sp
2013-11-06 17:24 . 2013-11-06 18:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-06 17:24 . 2013-11-06 18:01 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-06 17:23 . 2013-11-06 18:01 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-05 05:53 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72EFDFD2-6FA9-4805-BEB6-A2E7AA605275}\mpengine.dll
2013-10-30 00:34 . 2013-10-30 00:34 -------- d-----w- c:\users\jaypedersen\AppData\Roaming\Lavasoft
2013-10-29 15:23 . 2013-10-29 15:23 -------- d-----w- c:\program files\Lavasoft
2013-10-29 15:22 . 2013-10-29 15:22 -------- d-----w- c:\program files\Common Files\Lavasoft
2013-10-29 15:21 . 2013-10-29 15:21 -------- d-----w- c:\programdata\Lavasoft
2013-10-28 01:54 . 2013-10-28 03:02 -------- d-----w- c:\users\jaypedersen\AppData\Roaming\TotalRecorder
2013-10-28 01:53 . 2013-10-28 01:53 -------- d-----w- c:\program files (x86)\HighCriteria
2013-10-28 01:53 . 2013-10-16 16:07 125640 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2013-10-28 01:48 . 2013-10-28 01:51 -------- d-----w- c:\users\jaypedersen\AppData\Roaming\streamWriter
2013-10-28 01:23 . 2002-01-05 21:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2013-10-21 22:53 . 2013-10-21 22:53 10763264 ----a-r- c:\users\jaypedersen\AppData\Roaming\Microsoft\Installer\{4389108C-631E-4C85-851C-F3B5CCE080F8}\miniAudicle.exe
2013-10-21 22:53 . 2013-10-21 22:53 -------- d-----w- c:\program files (x86)\ChucK
2013-10-14 13:22 . 2013-10-14 13:22 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-10-10 16:46 . 2013-10-10 16:46 -------- d-----w- c:\program files (x86)\Quassel
2013-10-09 22:14 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-09 15:36 . 2013-10-09 15:36 -------- d-----w- c:\program files (x86)\Audacity
2013-10-08 05:39 . 2013-10-08 05:39 -------- d-----w- c:\users\jaypedersen\AppData\Roaming\LibreOffice
2013-10-08 05:39 . 2013-10-08 05:39 -------- d-----w- c:\program files (x86)\LibreOffice 4
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 04:02 . 2012-11-05 22:20 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-09-30 14:08 . 2013-09-30 14:08 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-09-30 14:08 . 2013-09-30 14:08 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-09-03 19:35 . 2012-11-06 13:20 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-09 22:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\jaypedersen\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\jaypedersen\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\jaypedersen\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]
"BrowserSafeguard"="c:\program files (x86)\Browsersafeguard\Browsersafeguard.exe" [2013-11-04 574464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2012-04-05 233472]
"“FjISIS WIA Service Checker"="c:\windows\pixtran\fujitsu\FiWiaChecker.exe" [2009-10-21 86016]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2012-01-23 139264]
"FTPWRENV"="c:\windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe" [2007-10-17 45056]
"FiWIA Service Checker"="c:\windows\Twain_32\Fjscan32\FiWiaChecker.exe" [2009-10-21 86016]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-06-13 1743648]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
.
c:\users\jaypedersen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jaypedersen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Error Recovery Guide.lnk - c:\windows\twain_32\fjscan32\ERG\FTErGuid.exe [2012-5-21 376832]
Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2013-2-21 9479024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Emc.Captiva.WebCaptureService;EMC Captiva Cloud Service;c:\program files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe;c:\program files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [x]
S2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys;c:\windows\SYSNATIVE\drivers\TotRec8.sys [x]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 13:20 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 21:48]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 21:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\jaypedersen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\jaypedersen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\jaypedersen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\jaypedersen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 22:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe" [2013-10-18 2493272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: com\*.Wondershare
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D510A374-27FE-43CC-88F2-28A4FD141C55}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\jaypedersen\AppData\Roaming\Mozilla\Firefox\Profiles\ftnjlbpg.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: keyword.URL - 
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.enabledAddons - sp2@sp.com:1.0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15
user_pref(extensions.newAddons,false);
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\jaypedersen\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-DelaypluginInstall - c:\programdata\Wondershare\Player\DelayPluginI.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ImageMagick 6.8.1 Q16 (32-bit)_is1 - c:\imagemagick\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
.
**************************************************************************
.
Completion time: 2013-11-06  12:51:34 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-06 18:51
.
Pre-Run: 126,140,911,616 bytes free
Post-Run: 126,201,397,248 bytes free
.
- - End Of File - - 5A79C3CACE5249D7D99B8453E447E55F
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

OK...we're not done yet......

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

# AdwCleaner v3.011 - Report created 06/11/2013 at 14:08:07

# Updated 03/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : jaypedersen - JAYPEDERSEN-PC

# Running from : C:\Users\jaypedersen\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\jaypedersen\AppData\Roaming\Mozilla\Firefox\Profiles\ftnjlbpg.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

File Deleted : C:\Users\jaypedersen\AppData\Roaming\Mozilla\Firefox\Profiles\ftnjlbpg.default\searchplugins\conduit-search.xml

File Deleted : C:\Users\jaypedersen\AppData\Roaming\Mozilla\Firefox\Profiles\ftnjlbpg.default\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16720

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

[ File : C:\Users\jaypedersen\AppData\Roaming\Mozilla\Firefox\Profiles\ftnjlbpg.default\prefs.js ]

 

Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");


 

-\\ Google Chrome v30.0.1599.101

 

[ File : C:\Users\jaypedersen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3042 octets] - [06/11/2013 14:03:26]

AdwCleaner[s0].txt - [2738 octets] - [06/11/2013 14:08:07]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2798 octets] ##########
Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.06.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

jaypedersen :: JAYPEDERSEN-PC [administrator]

 

Protection: Enabled

 

11/6/2013 2:16:50 PM

mbam-log-2013-11-06 (14-16-50).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208129

Time elapsed: 3 minute(s), 1 second(s)

 

Memory Processes Detected: 1

C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> 2928 -> Delete on reboot.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BrowserSafeguard (PUP.Optional.BrowserSafeGuard.A) -> Data: "C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe" -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_browsersafeguard-display-us-bleeping-728x90-36639128953 -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 3

C:\Program Files (x86)\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> Delete on reboot.

C:\Program Files (x86)\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

 

Files Detected: 14

C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Delete on reboot.

C:\Program Files (x86)\Browsersafeguard\install.log (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\makecert.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

 

(end)
Link to post
Share on other sites

Looks Good.....

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Hi,

 

My internet stopped working after that last step!

 

But, it was because the virus had set a proxy-server in my networking setup, which I finally figured out and removed.  Once I set the networking to get its settings automatically again -- my internet worked.  So, so far so good -- once that hurdle was crossed.

 

-Spidey

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.76  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Ad-Aware Antivirus   

 Antivirus out of date! (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 25  

 Java SE Development Kit 7 Update 15 

 Java version out of Date! 

 Adobe Reader XI  

 Mozilla Firefox 20.0.1 Firefox out of Date!  

 Google Chrome 30.0.1599.101  

 Google Chrome 30.0.1599.69  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Spybot Teatimer.exe is disabled! 

 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4555.0\AdAwareService.exe 

 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4555.0\AdAwareTray.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


----------------------------------------------

Ad-Aware Antivirus
Antivirus out of date! (On Access scanning disabled!) <-----make sure this is enabled


-------------------------------

Java 7 Update 25 <----please update, should be Update 45

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

--------------------------------

Mozilla Firefox 20.0.1 Firefox out of Date! <----please check for an update if available.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.