ashotinthedark Posted December 13, 2013 Author ID:764109 Share Posted December 13, 2013 ComboFix 13-12-13.01 - newlife 12/13/2013 13:57:35.1.8 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16278.13760 [GMT -5:00]Running from: c:\users\newlife\Desktop\ComboFix.exeAV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\Roamingc:\users\newlife\AppData\Local\assembly\tmpG:\Autorun.infH:\Autorun.infI:\Autorun.infI:\Setup.exeY:\AUTORUN.INF..((((((((((((((((((((((((( Files Created from 2013-11-13 to 2013-12-13 )))))))))))))))))))))))))))))))..2013-12-12 08:05 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL2013-12-12 08:05 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe2013-12-12 08:05 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe2013-12-12 08:05 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll2013-12-11 18:22 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll2013-12-10 15:35 . 2013-12-10 15:35 -------- d-----w- c:\program files (x86)\AVG2013-12-09 12:13 . 2013-12-09 12:13 -------- d-----w- C:\_OTM2013-12-08 19:08 . 2013-12-13 12:32 -------- d-----w- c:\users\newlife\AppData\Roaming\vlc2013-12-08 12:36 . 2013-11-18 06:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AE7B6C6-AE1F-49C2-83E3-3B1300452691}\mpengine.dll2013-12-08 11:04 . 2013-12-08 18:51 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs2013-12-07 05:31 . 2013-12-07 05:31 -------- d-----w- c:\windows\ERUNT2013-12-06 15:17 . 2013-12-06 15:17 -------- d-----w- c:\users\newlife\AppData\Roaming\Malwarebytes2013-12-06 15:16 . 2013-12-08 11:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-12-06 15:16 . 2013-12-06 15:16 -------- d-----w- c:\programdata\Malwarebytes2013-12-06 15:16 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-05 12:33 . 2013-12-08 10:53 -------- d-----w- C:\AdwCleaner2013-12-02 08:30 . 2013-12-04 16:16 -------- d-----w- c:\program files (x86)\Google2013-11-27 07:11 . 2013-11-27 07:11 -------- d-----w- c:\windows\Migration2013-11-26 16:41 . 2013-12-08 10:50 -------- d-----w- c:\users\newlife\AppData\Roaming\uTorrent2013-11-23 15:45 . 2013-10-16 15:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll2013-11-21 13:38 . 2013-11-21 13:38 -------- d-----w- c:\users\newlife\AppData\Roaming\convertaudiofree2013-11-21 13:38 . 2013-11-21 13:38 -------- d-----w- c:\users\newlife\AppData\Local\cache2013-11-21 13:38 . 2013-11-21 13:38 -------- d-----w- c:\users\newlife\AppData\Local\Mobogenie2013-11-21 13:24 . 2013-11-21 13:33 -------- d-----w- c:\program files (x86)\Total Video Converter2013-11-16 13:07 . 2013-11-16 13:07 -------- d-----w- c:\program files (x86)\Common Files\Java2013-11-16 13:06 . 2013-11-16 13:06 -------- d-----w- c:\program files (x86)\Java2013-11-16 09:16 . 2013-11-16 09:16 -------- d-----w- c:\users\newlife\AppData\Roaming\RealNetworks2013-11-16 09:14 . 2013-11-16 09:14 -------- d-----w- c:\program files (x86)\RealNetworks2013-11-16 09:14 . 2013-11-16 09:14 -------- d-----w- c:\programdata\RealNetworks2013-11-16 09:14 . 2013-11-16 09:14 -------- d-----w- c:\program files (x86)\Common Files\xing shared2013-11-16 09:13 . 2013-11-16 09:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-26 06:33 . 2013-12-12 08:02 1820160 ----a-w- c:\windows\SysWow64\wininet.dll2013-11-23 18:26 . 2013-12-11 18:22 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-11-19 08:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-16 13:06 . 2013-11-16 13:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-11-16 13:04 . 2012-12-29 21:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-16 13:04 . 2012-12-29 21:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-11-12 23:34 . 2012-12-27 23:13 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-12 16:14 . 2013-11-12 16:14 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-11-12 16:14 . 2013-11-12 16:14 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2013-11-12 16:14 . 2013-11-12 16:14 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-11-12 16:14 . 2013-11-12 16:14 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2013-11-12 16:14 . 2013-11-12 16:14 235008 ----a-w- c:\windows\system32\elshyph.dll2013-11-12 16:14 . 2013-11-12 16:14 182272 ----a-w- c:\windows\SysWow64\msls31.dll2013-11-12 16:14 . 2013-11-12 16:14 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2013-11-12 16:14 . 2013-11-12 16:14 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2013-11-12 16:14 . 2013-11-12 16:14 61952 ----a-w- c:\windows\SysWow64\iesetup.dll2013-11-12 16:14 . 2013-11-12 16:14 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll2013-11-12 16:14 . 2013-11-12 16:14 454656 ----a-w- c:\windows\SysWow64\vbscript.dll2013-11-12 16:14 . 2013-11-12 16:14 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2013-11-12 16:14 . 2013-11-12 16:14 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2013-11-12 16:14 . 2013-11-12 16:14 337408 ----a-w- c:\windows\SysWow64\html.iec2013-11-12 16:14 . 2013-11-12 16:14 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-11-12 16:14 . 2013-11-12 16:14 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2013-11-12 16:14 . 2013-11-12 16:14 139264 ----a-w- c:\windows\SysWow64\wextract.exe2013-11-12 16:14 . 2013-11-12 16:14 13312 ----a-w- c:\windows\SysWow64\mshta.exe2013-11-12 16:14 . 2013-11-12 16:14 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-11-12 16:14 . 2013-11-12 16:14 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-11-12 16:14 . 2013-11-12 16:14 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-11-12 16:14 . 2013-11-12 16:14 942592 ----a-w- c:\windows\system32\jsIntl.dll2013-11-12 16:14 . 2013-11-12 16:14 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-11-12 16:14 . 2013-11-12 16:14 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-11-12 16:14 . 2013-11-12 16:14 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-11-12 16:14 . 2013-11-12 16:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-11-12 16:14 . 2013-11-12 16:14 247808 ----a-w- c:\windows\system32\msls31.dll2013-11-12 16:14 . 2013-11-12 16:14 195584 ----a-w- c:\windows\system32\msrating.dll2013-11-12 16:14 . 2013-11-12 16:14 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-11-12 16:14 . 2013-11-12 16:14 84992 ----a-w- c:\windows\system32\mshtmled.dll2013-11-12 16:14 . 2013-11-12 16:14 81408 ----a-w- c:\windows\system32\icardie.dll2013-11-12 16:14 . 2013-11-12 16:14 77312 ----a-w- c:\windows\system32\tdc.ocx2013-11-12 16:14 . 2013-11-12 16:14 626176 ----a-w- c:\windows\system32\msfeeds.dll2013-11-12 16:14 . 2013-11-12 16:14 616104 ----a-w- c:\windows\system32\ieapfltr.dat2013-11-12 16:14 . 2013-11-12 16:14 548352 ----a-w- c:\windows\system32\vbscript.dll2013-11-12 16:14 . 2013-11-12 16:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-11-12 16:14 . 2013-11-12 16:14 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-11-12 16:14 . 2013-11-12 16:14 453120 ----a-w- c:\windows\system32\dxtmsft.dll2013-11-12 16:14 . 2013-11-12 16:14 413696 ----a-w- c:\windows\system32\html.iec2013-11-12 16:14 . 2013-11-12 16:14 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2013-11-12 16:14 . 2013-11-12 16:14 30208 ----a-w- c:\windows\system32\licmgr10.dll2013-11-12 16:14 . 2013-11-12 16:14 296960 ----a-w- c:\windows\system32\dxtrans.dll2013-11-12 16:14 . 2013-11-12 16:14 263376 ----a-w- c:\windows\system32\iedkcs32.dll2013-11-12 16:14 . 2013-11-12 16:14 243200 ----a-w- c:\windows\system32\webcheck.dll2013-11-12 16:14 . 2013-11-12 16:14 235520 ----a-w- c:\windows\system32\url.dll2013-11-12 16:14 . 2013-11-12 16:14 167424 ----a-w- c:\windows\system32\iexpress.exe2013-11-12 16:14 . 2013-11-12 16:14 143872 ----a-w- c:\windows\system32\wextract.exe2013-11-12 16:14 . 2013-11-12 16:14 13312 ----a-w- c:\windows\system32\msfeedssync.exe2013-11-12 16:14 . 2013-11-12 16:14 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2013-11-12 16:14 . 2013-11-12 16:14 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-11-12 16:14 . 2013-11-12 16:14 105984 ----a-w- c:\windows\system32\iesysprep.dll2013-11-12 16:14 . 2013-11-12 16:14 101376 ----a-w- c:\windows\system32\inseng.dll2013-11-12 16:14 . 2013-11-12 16:14 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2013-11-12 16:14 . 2013-11-12 16:14 774144 ----a-w- c:\windows\system32\jscript.dll2013-11-12 16:14 . 2013-11-12 16:14 62464 ----a-w- c:\windows\system32\pngfilt.dll2013-11-12 16:14 . 2013-11-12 16:14 48128 ----a-w- c:\windows\system32\imgutil.dll2013-11-12 16:14 . 2013-11-12 16:14 147968 ----a-w- c:\windows\system32\occache.dll2013-11-12 16:14 . 2013-11-12 16:14 13824 ----a-w- c:\windows\system32\mshta.exe2013-11-12 16:14 . 2013-11-12 16:14 135680 ----a-w- c:\windows\system32\iepeers.dll2013-11-12 02:07 . 2013-12-11 18:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll2013-11-06 02:55 . 2013-11-06 02:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys2013-11-05 02:52 . 2013-11-05 02:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys2013-11-01 04:00 . 2013-11-01 04:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys2013-11-01 03:49 . 2013-11-01 03:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys2013-10-31 01:30 . 2013-10-31 01:31 312744 ----a-w- c:\windows\system32\javaws.exe2013-10-31 01:30 . 2013-10-31 01:30 189352 ----a-w- c:\windows\system32\javaw.exe2013-10-31 01:30 . 2013-10-31 01:30 189352 ----a-w- c:\windows\system32\java.exe2013-10-31 01:30 . 2013-10-31 01:30 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll2013-10-25 03:25 . 2013-10-25 03:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys2013-10-14 23:00 . 2013-11-12 16:16 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE2013-10-12 02:30 . 2013-11-12 23:33 830464 ----a-w- c:\windows\system32\nshwfp.dll2013-10-12 02:29 . 2013-11-12 23:33 859648 ----a-w- c:\windows\system32\IKEEXT.DLL2013-10-12 02:29 . 2013-11-12 23:33 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL2013-10-12 02:04 . 2013-12-11 18:22 121856 ----a-w- c:\windows\SysWow64\wshom.ocx2013-10-12 02:03 . 2013-12-11 18:22 163840 ----a-w- c:\windows\SysWow64\scrrun.dll2013-10-12 02:03 . 2013-11-12 23:33 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll2013-10-12 02:01 . 2013-11-12 23:33 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL2013-10-12 01:15 . 2013-12-11 18:22 141824 ----a-w- c:\windows\SysWow64\wscript.exe2013-10-05 20:25 . 2013-11-12 23:33 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-10-05 19:57 . 2013-11-12 23:33 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-10-04 02:28 . 2013-11-12 23:33 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-10-04 02:25 . 2013-11-12 23:33 197120 ----a-w- c:\windows\system32\credui.dll2013-10-04 02:24 . 2013-11-12 23:33 1930752 ----a-w- c:\windows\system32\authui.dll2013-10-04 01:58 . 2013-11-12 23:33 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-10-04 01:56 . 2013-11-12 23:33 168960 ----a-w- c:\windows\SysWow64\credui.dll2013-10-04 01:56 . 2013-11-12 23:33 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-10-03 02:23 . 2013-11-12 23:33 404480 ----a-w- c:\windows\system32\gdi32.dll2013-10-03 02:00 . 2013-11-12 23:33 311808 ----a-w- c:\windows\SysWow64\gdi32.dll2013-10-02 02:22 . 2013-11-12 23:37 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys2013-10-02 02:11 . 2013-11-12 23:37 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe2013-10-02 02:08 . 2013-11-12 23:37 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll2013-10-02 01:48 . 2013-11-12 23:37 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll2013-10-02 01:48 . 2013-11-12 23:37 18944 ----a-w- c:\windows\system32\wksprtPS.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-13 2068856]"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2013-06-09 1516496].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-11-16 295512]"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176].c:\users\newlife\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\newlife\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe""TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot.R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/10/29 07:30;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 glideusb;GlidePoint USB Touchpad Filter;c:\windows\system32\DRIVERS\glideusb.sys;c:\windows\SYSNATIVE\DRIVERS\glideusb.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]R4 GlidePoint;GlidePoint Touchpad Client;c:\program files\GlidePoint\glidesvc.exe;c:\program files\GlidePoint\glidesvc.exe [x]R4 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R4 YouTubeDownloaderConverter;YouTubeDownloaderConverter;c:\users\newlife\AppData\Roaming\GVU Technologies\YouTubeDownloaderConverter\CertifiedBrowserService.exe;c:\users\newlife\AppData\Roaming\GVU Technologies\YouTubeDownloaderConverter\CertifiedBrowserService.exe [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - CLKMDRV10_9EC60124.Contents of the 'Scheduled Tasks' folder.2013-12-06 c:\windows\Tasks\1-Click Maintenance.job- c:\program files (x86)\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 11:51].2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 13:04]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\windows\System32\nvinitx.dll.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = https://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htmIE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htmTrusted Zone: dell.comTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\newlife\AppData\Roaming\Mozilla\Firefox\Profiles\uzjkrskb.default\FF - prefs.js: browser.search.defaulturl -FF - prefs.js: browser.search.selectedEngine - BingFF - prefs.js: keyword.URL -FF - ExtSQL: 2013-11-16 04:14; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF - ExtSQL: 2013-12-05 07:48; {27c60876-b5c9-4335-b4f3-52b26782220c}; c:\users\newlife\AppData\Roaming\Mozilla\Firefox\Profiles\uzjkrskb.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_1113a - c:\users\newlife\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXEc:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEc:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exec:\users\newlife\AppData\Roaming\Dropbox\bin\Dropbox.exec:\programdata\FLEXnet\Connect\11\agent.exec:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe.**************************************************************************.Completion time: 2013-12-13 14:16:49 - machine was rebootedComboFix-quarantined-files.txt 2013-12-13 19:16.Pre-Run: 343,079,284,736 bytes freePost-Run: 342,912,663,552 bytes free.- - End Of File - - 976B11B053B9CBCD97DA2D641BEC261B Link to post Share on other sites More sharing options...
kevinf80 Posted December 13, 2013 ID:764183 Share Posted December 13, 2013 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Open notepad and copy/paste the text in the Codebox below into it:ClearJavaCache::File::c:\windows\system32\AdpeakProxy64.dll Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Full scanMake sure that everything is checked, and click Remove Selected on any found items. Post the produced logs, let me know what issues/concerns remain Link to post Share on other sites More sharing options...
ashotinthedark Posted December 15, 2013 Author ID:764773 Share Posted December 15, 2013 Kevin please:I tried to do next step:Fail:*Opened note pad and cut and pasted content you said into the notepad open section, (text section where one would write), which I assume you mean as "Codebox?"Saved notepad text as you stated on desktop where ComboFix.exe is also saved already.Nothing happened.I clicked on ComboFix.exe to open it since combo did not auto start, which is what I think you said would happen?), and it auto starts a scan, and I do not see how to drag into combo sucessfully.Cannot do next step till this step is understood and done.Please advise.Thank you PS/FYI/Reminder: When multi-USB plug in is plugged in with several external hard drives plugged onto the multi-USB plug in still can reboot; it stays stuck at begginning stage. Again this did not happen before we started this proccess. Link to post Share on other sites More sharing options...
ashotinthedark Posted December 15, 2013 Author ID:764777 Share Posted December 15, 2013 Think figured out first step finallyHere are the results: ComboFix 13-12-13.01 - newlife 12/15/2013 10:24:36.3.8 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16278.14040 [GMT -5:00]Running from: c:\users\newlife\Desktop\ComboFix.exeCommand switches used :: c:\users\newlife\Desktop\CFScript.txtAV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\windows\system32\AdpeakProxy64.dll"..((((((((((((((((((((((((( Files Created from 2013-11-15 to 2013-12-15 )))))))))))))))))))))))))))))))..2013-12-15 15:31 . 2013-12-15 15:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-12-15 15:31 . 2013-12-15 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp2013-12-13 19:16 . 2013-12-13 19:16 -------- d-----w- c:\users\TEMP2013-12-12 08:05 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL2013-12-12 08:05 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe2013-12-12 08:05 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe2013-12-12 08:05 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL2013-12-12 08:05 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll2013-12-11 18:22 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll2013-12-10 15:35 . 2013-12-10 15:35 -------- d-----w- c:\program files (x86)\AVG2013-12-09 12:13 . 2013-12-09 12:13 -------- d-----w- C:\_OTM2013-12-08 19:08 . 2013-12-14 21:12 -------- d-----w- c:\users\newlife\AppData\Roaming\vlc2013-12-08 12:36 . 2013-11-18 06:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AE7B6C6-AE1F-49C2-83E3-3B1300452691}\mpengine.dll2013-12-08 11:04 . 2013-12-08 18:51 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs2013-12-07 05:31 . 2013-12-07 05:31 -------- d-----w- c:\windows\ERUNT2013-12-06 15:17 . 2013-12-06 15:17 -------- d-----w- c:\users\newlife\AppData\Roaming\Malwarebytes2013-12-06 15:16 . 2013-12-08 11:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-12-06 15:16 . 2013-12-06 15:16 -------- d-----w- c:\programdata\Malwarebytes2013-12-06 15:16 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-05 12:33 . 2013-12-08 10:53 -------- d-----w- C:\AdwCleaner2013-12-02 08:30 . 2013-12-04 16:16 -------- d-----w- c:\program files (x86)\Google2013-11-27 07:11 . 2013-11-27 07:11 -------- d-----w- c:\windows\Migration2013-11-26 16:41 . 2013-12-08 10:50 -------- d-----w- c:\users\newlife\AppData\Roaming\uTorrent2013-11-23 15:45 . 2013-10-16 15:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll2013-11-21 13:38 . 2013-11-21 13:38 -------- d-----w- c:\users\newlife\AppData\Roaming\convertaudiofree2013-11-21 13:38 . 2013-11-21 13:38 -------- d-----w- c:\users\newlife\AppData\Local\cache2013-11-21 13:38 . 2013-11-21 13:38 -------- d-----w- c:\users\newlife\AppData\Local\Mobogenie2013-11-21 13:24 . 2013-11-21 13:33 -------- d-----w- c:\program files (x86)\Total Video Converter2013-11-16 13:07 . 2013-11-16 13:07 -------- d-----w- c:\program files (x86)\Common Files\Java2013-11-16 13:06 . 2013-11-16 13:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-11-16 13:06 . 2013-11-16 13:06 -------- d-----w- c:\program files (x86)\Java2013-11-16 09:16 . 2013-11-16 09:16 -------- d-----w- c:\users\newlife\AppData\Roaming\RealNetworks2013-11-16 09:14 . 2013-11-16 09:14 -------- d-----w- c:\program files (x86)\RealNetworks2013-11-16 09:14 . 2013-11-16 09:14 -------- d-----w- c:\programdata\RealNetworks2013-11-16 09:14 . 2013-11-16 09:14 -------- d-----w- c:\program files (x86)\Common Files\xing shared2013-11-16 09:13 . 2013-11-16 09:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-12-15 08:00 . 2012-12-27 23:13 90708896 ----a-w- c:\windows\system32\MRT.exe2013-11-19 08:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-16 13:04 . 2012-12-29 21:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-16 13:04 . 2012-12-29 21:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-11-12 16:14 . 2013-11-12 16:14 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-11-12 16:14 . 2013-11-12 16:14 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2013-11-12 16:14 . 2013-11-12 16:14 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-11-12 16:14 . 2013-11-12 16:14 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2013-11-12 16:14 . 2013-11-12 16:14 235008 ----a-w- c:\windows\system32\elshyph.dll2013-11-12 16:14 . 2013-11-12 16:14 182272 ----a-w- c:\windows\SysWow64\msls31.dll2013-11-12 16:14 . 2013-11-12 16:14 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2013-11-12 16:14 . 2013-11-12 16:14 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2013-11-12 16:14 . 2013-11-12 16:14 61952 ----a-w- c:\windows\SysWow64\iesetup.dll2013-11-12 16:14 . 2013-11-12 16:14 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll2013-11-12 16:14 . 2013-11-12 16:14 454656 ----a-w- c:\windows\SysWow64\vbscript.dll2013-11-12 16:14 . 2013-11-12 16:14 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2013-11-12 16:14 . 2013-11-12 16:14 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2013-11-12 16:14 . 2013-11-12 16:14 337408 ----a-w- c:\windows\SysWow64\html.iec2013-11-12 16:14 . 2013-11-12 16:14 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-11-12 16:14 . 2013-11-12 16:14 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2013-11-12 16:14 . 2013-11-12 16:14 139264 ----a-w- c:\windows\SysWow64\wextract.exe2013-11-12 16:14 . 2013-11-12 16:14 13312 ----a-w- c:\windows\SysWow64\mshta.exe2013-11-12 16:14 . 2013-11-12 16:14 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-11-12 16:14 . 2013-11-12 16:14 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-11-12 16:14 . 2013-11-12 16:14 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-11-12 16:14 . 2013-11-12 16:14 942592 ----a-w- c:\windows\system32\jsIntl.dll2013-11-12 16:14 . 2013-11-12 16:14 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-11-12 16:14 . 2013-11-12 16:14 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-11-12 16:14 . 2013-11-12 16:14 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-11-12 16:14 . 2013-11-12 16:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-11-12 16:14 . 2013-11-12 16:14 247808 ----a-w- c:\windows\system32\msls31.dll2013-11-12 16:14 . 2013-11-12 16:14 195584 ----a-w- c:\windows\system32\msrating.dll2013-11-12 16:14 . 2013-11-12 16:14 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-11-12 16:14 . 2013-11-12 16:14 84992 ----a-w- c:\windows\system32\mshtmled.dll2013-11-12 16:14 . 2013-11-12 16:14 81408 ----a-w- c:\windows\system32\icardie.dll2013-11-12 16:14 . 2013-11-12 16:14 77312 ----a-w- c:\windows\system32\tdc.ocx2013-11-12 16:14 . 2013-11-12 16:14 626176 ----a-w- c:\windows\system32\msfeeds.dll2013-11-12 16:14 . 2013-11-12 16:14 616104 ----a-w- c:\windows\system32\ieapfltr.dat2013-11-12 16:14 . 2013-11-12 16:14 548352 ----a-w- c:\windows\system32\vbscript.dll2013-11-12 16:14 . 2013-11-12 16:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-11-12 16:14 . 2013-11-12 16:14 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-11-12 16:14 . 2013-11-12 16:14 453120 ----a-w- c:\windows\system32\dxtmsft.dll2013-11-12 16:14 . 2013-11-12 16:14 413696 ----a-w- c:\windows\system32\html.iec2013-11-12 16:14 . 2013-11-12 16:14 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2013-11-12 16:14 . 2013-11-12 16:14 30208 ----a-w- c:\windows\system32\licmgr10.dll2013-11-12 16:14 . 2013-11-12 16:14 296960 ----a-w- c:\windows\system32\dxtrans.dll2013-11-12 16:14 . 2013-11-12 16:14 263376 ----a-w- c:\windows\system32\iedkcs32.dll2013-11-12 16:14 . 2013-11-12 16:14 243200 ----a-w- c:\windows\system32\webcheck.dll2013-11-12 16:14 . 2013-11-12 16:14 235520 ----a-w- c:\windows\system32\url.dll2013-11-12 16:14 . 2013-11-12 16:14 167424 ----a-w- c:\windows\system32\iexpress.exe2013-11-12 16:14 . 2013-11-12 16:14 143872 ----a-w- c:\windows\system32\wextract.exe2013-11-12 16:14 . 2013-11-12 16:14 13312 ----a-w- c:\windows\system32\msfeedssync.exe2013-11-12 16:14 . 2013-11-12 16:14 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2013-11-12 16:14 . 2013-11-12 16:14 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-11-12 16:14 . 2013-11-12 16:14 105984 ----a-w- c:\windows\system32\iesysprep.dll2013-11-12 16:14 . 2013-11-12 16:14 101376 ----a-w- c:\windows\system32\inseng.dll2013-11-12 16:14 . 2013-11-12 16:14 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2013-11-12 16:14 . 2013-11-12 16:14 774144 ----a-w- c:\windows\system32\jscript.dll2013-11-12 16:14 . 2013-11-12 16:14 62464 ----a-w- c:\windows\system32\pngfilt.dll2013-11-12 16:14 . 2013-11-12 16:14 48128 ----a-w- c:\windows\system32\imgutil.dll2013-11-12 16:14 . 2013-11-12 16:14 147968 ----a-w- c:\windows\system32\occache.dll2013-11-12 16:14 . 2013-11-12 16:14 13824 ----a-w- c:\windows\system32\mshta.exe2013-11-12 16:14 . 2013-11-12 16:14 135680 ----a-w- c:\windows\system32\iepeers.dll2013-11-06 02:55 . 2013-11-06 02:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys2013-11-05 02:52 . 2013-11-05 02:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys2013-11-01 04:00 . 2013-11-01 04:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys2013-11-01 03:49 . 2013-11-01 03:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys2013-10-31 01:30 . 2013-10-31 01:31 312744 ----a-w- c:\windows\system32\javaws.exe2013-10-31 01:30 . 2013-10-31 01:30 189352 ----a-w- c:\windows\system32\javaw.exe2013-10-31 01:30 . 2013-10-31 01:30 189352 ----a-w- c:\windows\system32\java.exe2013-10-31 01:30 . 2013-10-31 01:30 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll2013-10-25 03:25 . 2013-10-25 03:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys2013-10-14 23:00 . 2013-11-12 16:16 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE2013-10-12 02:30 . 2013-11-12 23:33 830464 ----a-w- c:\windows\system32\nshwfp.dll2013-10-12 02:29 . 2013-11-12 23:33 859648 ----a-w- c:\windows\system32\IKEEXT.DLL2013-10-12 02:29 . 2013-11-12 23:33 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL2013-10-12 02:03 . 2013-11-12 23:33 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll2013-10-12 02:01 . 2013-11-12 23:33 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL2013-10-05 20:25 . 2013-11-12 23:33 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-10-05 19:57 . 2013-11-12 23:33 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-10-04 02:28 . 2013-11-12 23:33 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-10-04 02:25 . 2013-11-12 23:33 197120 ----a-w- c:\windows\system32\credui.dll2013-10-04 02:24 . 2013-11-12 23:33 1930752 ----a-w- c:\windows\system32\authui.dll2013-10-04 01:58 . 2013-11-12 23:33 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-10-04 01:56 . 2013-11-12 23:33 168960 ----a-w- c:\windows\SysWow64\credui.dll2013-10-04 01:56 . 2013-11-12 23:33 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-10-03 02:23 . 2013-11-12 23:33 404480 ----a-w- c:\windows\system32\gdi32.dll2013-10-03 02:00 . 2013-11-12 23:33 311808 ----a-w- c:\windows\SysWow64\gdi32.dll2013-10-02 02:22 . 2013-11-12 23:37 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys2013-10-02 02:11 . 2013-11-12 23:37 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe2013-10-02 02:08 . 2013-11-12 23:37 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll2013-10-02 01:48 . 2013-11-12 23:37 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll2013-10-02 01:48 . 2013-11-12 23:37 18944 ----a-w- c:\windows\system32\wksprtPS.dll2013-10-02 01:29 . 2013-11-12 23:37 62976 ----a-w- c:\windows\system32\tsgqec.dll2013-10-02 01:10 . 2013-11-12 23:37 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll2013-10-02 00:15 . 2013-11-12 23:36 1057280 ----a-w- c:\windows\system32\rdvidcrl.dll2013-10-02 00:14 . 2013-11-12 23:37 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll2013-10-02 00:14 . 2013-11-12 23:37 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll2013-10-02 00:08 . 2013-11-12 23:37 83968 ----a-w- c:\windows\system32\TSWbPrxy.exe2013-10-02 00:01 . 2013-11-12 23:37 420864 ----a-w- c:\windows\system32\wksprt.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-13 2068856]"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2013-06-09 1516496].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-11-16 295512]"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176].c:\users\newlife\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\newlife\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe""TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot.R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/10/29 07:30;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 glideusb;GlidePoint USB Touchpad Filter;c:\windows\system32\DRIVERS\glideusb.sys;c:\windows\SYSNATIVE\DRIVERS\glideusb.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]R4 GlidePoint;GlidePoint Touchpad Client;c:\program files\GlidePoint\glidesvc.exe;c:\program files\GlidePoint\glidesvc.exe [x]R4 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R4 YouTubeDownloaderConverter;YouTubeDownloaderConverter;c:\users\newlife\AppData\Roaming\GVU Technologies\YouTubeDownloaderConverter\CertifiedBrowserService.exe;c:\users\newlife\AppData\Roaming\GVU Technologies\YouTubeDownloaderConverter\CertifiedBrowserService.exe [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - CLKMDRV10_9EC60124.Contents of the 'Scheduled Tasks' folder.2013-12-14 c:\windows\Tasks\1-Click Maintenance.job- c:\program files (x86)\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 11:51].2013-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-29 13:04]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\newlife\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\windows\System32\nvinitx.dll.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = https://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htmIE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htmTrusted Zone: dell.comTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\newlife\AppData\Roaming\Mozilla\Firefox\Profiles\uzjkrskb.default\FF - prefs.js: browser.search.defaulturl -FF - prefs.js: browser.search.selectedEngine - BingFF - prefs.js: keyword.URL -FF - ExtSQL: 2013-11-16 04:14; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF - ExtSQL: 2013-12-05 07:48; {27c60876-b5c9-4335-b4f3-52b26782220c}; c:\users\newlife\AppData\Roaming\Mozilla\Firefox\Profiles\uzjkrskb.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-12-15 10:33:35ComboFix-quarantined-files.txt 2013-12-15 15:33ComboFix2.txt 2013-12-13 19:16.Pre-Run: 342,957,473,792 bytes freePost-Run: 342,692,401,152 bytes free.- - End Of File - - 566FF054F71733614D32254B21047B15 Link to post Share on other sites More sharing options...
kevinf80 Posted December 15, 2013 ID:764783 Share Posted December 15, 2013 The problem file is still showing up in the CF log, we will have to look at the registry again to make sure we have caught all entries. Regarding the boot issue with the USB multi plug. None of the tools we`ve used or entries we removed would cause the issue you mention. If your system will not boot because that plug in IS in place it means windows is try to boot from the USB device first, it must still have priority in the Boot order via BIOS. You will have to look at the boot order again, make the required change and save that change on exit... Also do this please: Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit. http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit…. http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit (If you still have System Look, no need to d/l again) Double-click SystemLook.exe to run it.Copy the content of the following codebox into the main textfield: :filefind*adpeak*Adpeak.**Scorpion*Scopion.*:folderfind*Scorpion**adpeak*:regfind*Scorpion*Scorpion*adpeak*adpeak Click the Look button to start the scan.When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt Link to post Share on other sites More sharing options...
ashotinthedark Posted December 16, 2013 Author ID:764968 Share Posted December 16, 2013 malware byte scan result first: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.15.03Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476newlife :: ENERGIA [administrator]12/15/2013 10:39:18 AMMBAM-log-2013-12-15 (20-18-56).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 409251Time elapsed: 55 minute(s), 39 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir (Adware.AdPeak) -> No action taken.(end) Link to post Share on other sites More sharing options...
ashotinthedark Posted December 16, 2013 Author ID:764971 Share Posted December 16, 2013 "Regarding the boot issue with the USB multi plug. None of the tools we`ve used or entries we removed would cause the issue you mention. If your system will not boot because that plug in IS in place it means windows is try to boot from the USB device first, it must still have priority in the Boot order via BIOS. You will have to look at the boot order again, make the required change and save that change on exit..." Did as you said to change order.All seems well in bios order, but still reboot problem Will do what you said above next, but boot still problem.Did recently add a third external hard drive; maybe culprit? Link to post Share on other sites More sharing options...
ashotinthedark Posted December 16, 2013 Author ID:764973 Share Posted December 16, 2013 Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.15.03Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476newlife :: ENERGIA [administrator]12/15/2013 10:39:18 AMmbam-log-2013-12-15 (10-39-18).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 409251Time elapsed: 55 minute(s), 39 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir (Adware.AdPeak) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
kevinf80 Posted December 16, 2013 ID:765041 Share Posted December 16, 2013 Have you ran System Look, can you post that log? Link to post Share on other sites More sharing options...
ashotinthedark Posted December 16, 2013 Author ID:765115 Share Posted December 16, 2013 Kevin OK next step as per your directions: SystemLook 30.07.11 by jpshortstuffLog created at 09:48 on 16/12/2013 by newlifeAdministrator - Elevation successful========== filefind ==========Searching for "*adpeak*"C:\AdwCleaner\Quarantine\C\Windows\System32\AdpeakProxy.ini.vir --a---- 5360 bytes [20:42 06/11/2013] [20:42 06/11/2013] 18DFC8C69730221B2CFEFFCCB565A90EC:\AdwCleaner\Quarantine\C\Windows\System32\AdpeakProxyOff.ini.vir --a---- 2312 bytes [20:32 06/11/2013] [20:32 06/11/2013] 1ED56540E72D15EA63DF19D70636A347C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\AdpeakProxy.ini.vir --a---- 5360 bytes [20:42 06/11/2013] [20:42 06/11/2013] 18DFC8C69730221B2CFEFFCCB565A90EC:\AdwCleaner\Quarantine\C\Windows\SysWOW64\AdpeakProxyOff.ini.vir --a---- 2312 bytes [20:32 06/11/2013] [20:32 06/11/2013] 1ED56540E72D15EA63DF19D70636A347C:\Windows\System32\AdpeakProxy64.dll --a---- 439296 bytes [15:45 23/11/2013] [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6Searching for "Adpeak.*"No files found.Searching for "*Scorpion*"No files found.Searching for "Scopion.*"No files found.========== folderfind ==========Searching for "*Scorpion*"No folders found.Searching for "*adpeak*"No folders found.========== regfind ==========Searching for "*Scorpion*"No data found.Searching for "Scorpion"[HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.\ScorpionSaver Services][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"c:\Program Files\ScorpionSaver Services\"=""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy64.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\Installbat.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\InstallDLL.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\PCProxyDLL.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\InstallDLL64.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\Installbat64.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\InstallProperties]"DisplayName"="ScorpionSaver Services"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}]"DisplayName"="ScorpionSaver Services"[HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]Searching for "*adpeak*"No data found.Searching for "adpeak"[HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy64.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3380AB2BD8DB6D5E9CCD5BEE8B77161]"6BA018E6E43F3A949AF3E90563067F81"="c?\Windows\system32\AdpeakProxy.ini"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8088A98A171A45558462E18D211A2D2]"6BA018E6E43F3A949AF3E90563067F81"="c?\Windows\system32\AdpeakProxyOff.ini"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\InstallProperties]"Publisher"="Adpeak, Inc."[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\InstallProperties]"HelpLink"="http://www.adpeak.com/"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}]"Publisher"="Adpeak, Inc."[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}]"HelpLink"="http://www.adpeak.com/"-= EOF =- Link to post Share on other sites More sharing options...
kevinf80 Posted December 16, 2013 ID:765148 Share Posted December 16, 2013 Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)http://oldtimer.geekstogo.com/OTM.exe.http://www.itxassociates.com/OT-Tools/OTM.comhttp://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg, such as :Reg:Reg[-HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.\ScorpionSaver Services][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"c:\Program Files\ScorpionSaver Services\"=-[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}][-HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver][-HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3380AB2BD8DB6D5E9CCD5BEE8B77161][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8088A98A171A45558462E18D211A2D2][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}]:FilesC:\Windows\System32\AdpeakProxy64.dllc:\Program Files\ScorpionSaver Servicesc:\Windows\system32\AdpeakProxyOff.ini:Commands[EmptyTemp] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMNote: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.If the machine reboots, the Results log can be found here:c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.logWhere mmddyyyy_hhmmss is the date of the tool run. Next, Run Quick scan with Mlawarebytes and post that log.... Next, We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use.Click Start When asked, allow the add/on to be installedClick Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report in next reply Post the produced logs, also give an update on any remaining issues or concerns... Kevin.. Link to post Share on other sites More sharing options...
ashotinthedark Posted December 17, 2013 Author ID:765451 Share Posted December 17, 2013 Kevin, OTM scan results: All processes killed========== REGISTRY ==========Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.\ScorpionSaver Services\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E810AB6-F34E-49A3-A93F-9E503660F718}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3380AB2BD8DB6D5E9CCD5BEE8B77161\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8088A98A171A45558462E18D211A2D2\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E810AB6-F34E-49A3-A93F-9E503660F718}\ not found.========== FILES ==========File/Folder C:\Windows\System32\AdpeakProxy64.dll not found.File/Folder c:\Program Files\ScorpionSaver Services not found.File/Folder c:\Windows\system32\AdpeakProxyOff.ini not found.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytes User: newlife->Temp folder emptied: 102630369 bytes->Temporary Internet Files folder emptied: 6705079 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 387553619 bytes->Flash cache emptied: 2005 bytes User: Public->Temp folder emptied: 0 bytes User: TEMP->Temp folder emptied: 0 bytes User: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 560 bytes%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytesRecycleBin emptied: 3208652166 bytes Total Files Cleaned = 3,534.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 12172013_080247Files moved on Reboot...File move failed. C:\Users\newlife\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.File move failed. C:\Users\newlife\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
ashotinthedark Posted December 17, 2013 Author ID:765470 Share Posted December 17, 2013 Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.17.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476newlife :: ENERGIA [administrator]12/17/2013 8:18:21 AMMBAM-log-2013-12-17 (09-19-46).txtScan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 409724Time elapsed: 48 minute(s), 15 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> No action taken.(end) Link to post Share on other sites More sharing options...
ashotinthedark Posted December 17, 2013 Author ID:765489 Share Posted December 17, 2013 Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.17.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476newlife :: ENERGIA [administrator]12/17/2013 8:18:21 AMmbam-log-2013-12-17 (08-18-21).txtScan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 409724Time elapsed: 48 minute(s), 15 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
ashotinthedark Posted December 17, 2013 Author ID:765516 Share Posted December 17, 2013 C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir a variant of Win64/Adware.Adpeak.B applicationC:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A applicationC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application Link to post Share on other sites More sharing options...
ashotinthedark Posted December 17, 2013 Author ID:765540 Share Posted December 17, 2013 This system is somewhat lethargic, but better than it was. I would however say not as good as before the spyware infection first happened. Still somewhat lethargic and sluggish. Better but not the way it was.The reboot issue goes as follows:I recently acquired a third external hard drive. A Seagate 4TB. I do not recall exactly whether or not the reboot problem was happening before after I acquired the external hard drive. So I do not know if it is the messing around we have been doing, or, the recent addition of the hard drive that started the trouble. What I do know for sure is when I disconnect that one hard drive, and leave everything else, the other two external hard drives, printer, etc., plugged into the multi-plug USB ports that plug into a USB port in the computer, it reboots okay. It is only when the newly acquired third external hard drive is plugged in also that the reboot issue occurs. The bios boot selection has been checked and is appropriate.Could there be a setting in this particular external hard drive that is causing the notebook to tried to boot from it? Link to post Share on other sites More sharing options...
kevinf80 Posted December 17, 2013 ID:765557 Share Posted December 17, 2013 If the boot issue has started after the 4TB hd drive was installed best to leave it unplugged for now. I honestly do not see why that should have an impact as the boot order has the Normal HD in priority over USB device. Is the 4TB hd second hand or new? Regarding the lethargy issue, set your system to start in a "Clean Boot" state, see if that makes any improvement. When none MS services are disabled make sure your security and any wifi services are left active... Go here: http://support.microsoft.com/kb/929135 scroll to and expand the option for your OS (Windows 7) follow those instructions and run a clean boot. Does that make any difference... Kevin Link to post Share on other sites More sharing options...
ashotinthedark Posted December 20, 2013 Author ID:766712 Share Posted December 20, 2013 Okay just got back.First, the external hard drive issue: it is a 4TB Seagate external hard drive. I swapped it out thinking the first one was defective, however, same thing is happening with the second hard drive, which means it is not be hard drive, further meaning, that is not defective, and yes it is brand-new.I am not one percent as computer technical as you, but, I have some common sense with this, and it makes no sense that this is happening.Any ideas on how to keep the hard drive plugged in and still allow the computer to reboot as it does with the other three hard drives already plugged in? I will do what you advise in your last post above probably tonight and post as soon as done to hopefully alleviate the lethargy problem. Just FYI, I noticed that Microsoft Outlook is running particularly slow for some reason. Link to post Share on other sites More sharing options...
kevinf80 Posted December 20, 2013 ID:766806 Share Posted December 20, 2013 Regarding outlook, go here http://www.emailaddressmanager.com/outlook/faster-outlook.html follow the advice given and see if that helps... Regarding external HD issue, what exactly is the set up of your PC, how many internal HD`s. What is the set up for the external HD`s Do you have a multi plug with one connection to the PC, and several for the External HD`s, also how many HD`s are external only..I assume your PC has one internal HD, Then you have a USB multi plug has three external HD`s. PC works fine, if you add a fourth external HD we have a none bootable state, is that correct Also give update how system responds in Clean Boot state... Link to post Share on other sites More sharing options...
ashotinthedark Posted December 22, 2013 Author ID:767597 Share Posted December 22, 2013 Did a clean boot. Yes better/faster. Should I keep system this way? Link to post Share on other sites More sharing options...
ashotinthedark Posted December 22, 2013 Author ID:767598 Share Posted December 22, 2013 No matter what I do insfoar whcih extrermal hard drive and how many externals plugged in, or not, if the newly acquired one attached, alone, or with whatever number of others, the sytem will not reboot. Any way to fix this? Setting on the external hard drive? Link to post Share on other sites More sharing options...
ashotinthedark Posted December 22, 2013 Author ID:767600 Share Posted December 22, 2013 PS on clean boot: -If I reboot will it return to "normal settings" as was before I made changes? -It already was set on "Selective Startup" before I did anytrhing.Is this correct or should it be set on "Normal Startup?" Link to post Share on other sites More sharing options...
ashotinthedark Posted December 22, 2013 Author ID:767617 Share Posted December 22, 2013 While attempting to cleanup Microsoft Outlook I tried to archive the inbox, which is huge, and I think contributing to the problem of slowness, and this is the error message I received: Error while archiving folder inbox in-store personal folders. You are attempting to archive your data in a Microsoft Outlook 97-2002 personal holders file PST which is a non-Unicode data file. To preserve multilingual data, you must choose a Unicode data file, such as the Microsoft Outlook Outlook personal folders file PST. See help for more information Link to post Share on other sites More sharing options...
ashotinthedark Posted December 22, 2013 Author ID:767619 Share Posted December 22, 2013 Installed Bells and Whistles from the site you mentioned above:http://www.emailaddr...er-outlook.htmlNow it will not uninstall? Link to post Share on other sites More sharing options...
ashotinthedark Posted December 22, 2013 Author ID:767624 Share Posted December 22, 2013 Got bells and whistles to uninstall Link to post Share on other sites More sharing options...
Recommended Posts