jeffce Posted February 16, 2014 ID:792034 Share Posted February 16, 2014 Still with me? Link to post Share on other sites More sharing options...
awriternot Posted February 16, 2014 Author ID:792100 Share Posted February 16, 2014 Yep, I'm here! Running MBAM again. Link to post Share on other sites More sharing options...
jeffce Posted February 16, 2014 ID:792177 Share Posted February 16, 2014 Link to post Share on other sites More sharing options...
awriternot Posted February 16, 2014 Author ID:792192 Share Posted February 16, 2014 OK here is the MBAM Log: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.02.16.04 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16798Owner :: MIKKI-PC [administrator] 2/16/2014 11:41:20 AMmbam-log-2014-02-16 (11-41-20).txt Scan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 432507Time elapsed: 3 hour(s), 6 minute(s), 34 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 3C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.C:\AdwCleaner\Quarantine\C\Program Files (x86)\Amazon Browser Bar\search_protect.exe.vir (PUP.Optional.Searchprotect) -> Quarantined and deleted successfully.C:\Users\Owner\Desktop\rcp_dcomnew_sec_728.exe (PUP.Optional.RegCleanPro) -> Quarantined and deleted successfully. (end) Link to post Share on other sites More sharing options...
jeffce Posted February 16, 2014 ID:792231 Share Posted February 16, 2014 Which individual file are you searching for? Link to post Share on other sites More sharing options...
awriternot Posted February 16, 2014 Author ID:792245 Share Posted February 16, 2014 One other thing that I was just thinking of. I backup my PC and it's setup to backup pretty often. Now I'm all freaked out. What if I ever have to restore? I do know that it syncs and supposedly updates the backup based on what I delete or add. Do you think it does that??? Link to post Share on other sites More sharing options...
awriternot Posted February 16, 2014 Author ID:792247 Share Posted February 16, 2014 Moderator - I thought I posted on the wrong post but didn't...lol. I saw that other user post on mine and thought I ended up on the wrong page. SO, I don't know how to delete or edit, so I'm posting once more in case that one does get deleted. Sorry! Jeff:One other thing that I was just thinking of. I backup my PC and it's setup to backup pretty often. Now I'm all freaked out. What if I ever have to restore? I do know that it syncs and supposedly updates the backup based on what I delete or add. Do you think it does that??? Link to post Share on other sites More sharing options...
jeffce Posted February 16, 2014 ID:792270 Share Posted February 16, 2014 Well, restore points will be cleared when we remove our tools. As for the backups....ESET normally will see those. Did ESET find anything? Link to post Share on other sites More sharing options...
jeffce Posted February 18, 2014 ID:793293 Share Posted February 18, 2014 Still here? Link to post Share on other sites More sharing options...
awriternot Posted February 20, 2014 Author ID:793886 Share Posted February 20, 2014 Yep! What is ESET? Link to post Share on other sites More sharing options...
jeffce Posted February 20, 2014 ID:794136 Share Posted February 20, 2014 Yep! What is ESET? Sorry about that..... ESET Online Scanner Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as AdministratorNote: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishWhen the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.Close the ESET online scan, and let me know how things are now.---------- Link to post Share on other sites More sharing options...
awriternot Posted February 23, 2014 Author ID:795459 Share Posted February 23, 2014 ok doing now Link to post Share on other sites More sharing options...
jeffce Posted February 23, 2014 ID:795504 Share Posted February 23, 2014 Link to post Share on other sites More sharing options...
awriternot Posted February 24, 2014 Author ID:795620 Share Posted February 24, 2014 This is what it says: C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir a variant of MSIL/AdvancedSystemProtector.B potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir a variant of MSIL/AdvancedSystemProtector.B potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir a variant of MSIL/AdvancedSystemProtector.B potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\scandll.dll.vir a variant of MSIL/AdvancedSystemProtector.B potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\Cloud_Backup_Setup.exe.vir Win32/MyPCBackup.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\Cloud_Backup_Setup_Intl.exe.vir Win32/MyPCBackup.A potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\WhiteSmoke_New_1.1\hk64tbWhit.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\WhiteSmoke_New_1.1\hktbWhit.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\WhiteSmoke_New_1.1\ldrtbWhit.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\WhiteSmoke_New_1.1\prxtbWhit.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Program Files (x86)\WhiteSmoke_New_1.1\tbWhit.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Temp\NativeMessaging\CT3316750.crx.vir a variant of Win32/Toolbar.Conduit.Z potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\WhiteSmoke_New_1.1\hk64tbWhit.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\WhiteSmoke_New_1.1\hktbWhit.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\WhiteSmoke_New_1.1\ldrtbWhit.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted applicationC:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\WhiteSmoke_New_1.1\tbWhit.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted applicationC:\Program Files\Trend Micro\AMSP\temp\virus\VINSB9a01184 Win32/BrowseFox.B potentially unwanted applicationC:\Program Files\Trend Micro\AMSP\temp\virus\VS4G1NBH.10L Win32/RiskWare.PEMalform.B applicationC:\Program Files (x86)\GS_x64.Enabler a variant of Win64/SProtector.A potentially unwanted applicationC:\Users\Owner\Documents\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Owner\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Users\Owner\Videos\apps\com.alienmanfc6.wheresmyandroid-2.apk a variant of Android/Walien.F potentially unsafe application Link to post Share on other sites More sharing options...
jeffce Posted February 24, 2014 ID:795773 Share Posted February 24, 2014 Hi, ComboFixPlease open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:ClearJavaCache:: File::C:\Program Files\Trend Micro\AMSP\temp\virus\VINSB9a01184 C:\Program Files\Trend Micro\AMSP\temp\virus\VS4G1NBH.10L C:\Program Files (x86)\GS_x64.Enabler C:\Users\Owner\Documents\ccsetup409.exe C:\Users\Owner\Downloads\ccsetup410.exe C:\Users\Owner\Videos\apps\com.alienmanfc6.wheresmyandroid-2.apkSave this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.ComboFix may request an update; please allow it.ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.---------- Post the new log and let me know how your system is running now. Link to post Share on other sites More sharing options...
jeffce Posted February 26, 2014 ID:796670 Share Posted February 26, 2014 Still here? Link to post Share on other sites More sharing options...
awriternot Posted February 27, 2014 Author ID:796991 Share Posted February 27, 2014 Yep. This next step looks a little bit more complicated, so going to do it now. Link to post Share on other sites More sharing options...
awriternot Posted February 27, 2014 Author ID:796994 Share Posted February 27, 2014 Actually, since it's so late....I'm going to do this tomorrow evening when I get off of work. Thanks, Jeff! Link to post Share on other sites More sharing options...
jeffce Posted February 27, 2014 ID:797103 Share Posted February 27, 2014 Sounds good! Link to post Share on other sites More sharing options...
awriternot Posted March 1, 2014 Author ID:797942 Share Posted March 1, 2014 Okie dokie. Here ya go. Wow, is this thing always so hard to remove? ComboFix 14-02-24.02 - Owner 02/28/2014 19:06:38.2.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2253 [GMT -6:00]Running from: c:\users\Owner\Desktop\ComboFix.exeCommand switches used :: c:\users\Owner\Desktop\CFScript.txtAV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\program files (x86)\GS_x64.Enabler""c:\program files\Trend Micro\AMSP\temp\virus\VINSB9a01184""c:\program files\Trend Micro\AMSP\temp\virus\VS4G1NBH.10L""c:\users\Owner\Documents\ccsetup409.exe""c:\users\Owner\Downloads\ccsetup410.exe""c:\users\Owner\Videos\apps\com.alienmanfc6.wheresmyandroid-2.apk"..((((((((((((((((((((((((( Files Created from 2014-02-01 to 2014-03-01 )))))))))))))))))))))))))))))))..2014-03-01 01:18 . 2014-03-01 01:18 -------- d-----w- c:\users\Guest\AppData\Local\temp2014-03-01 01:18 . 2014-03-01 01:18 -------- d-----w- c:\users\Default\AppData\Local\temp2014-03-01 01:18 . 2014-03-01 01:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp2014-02-25 22:06 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll2014-02-25 22:06 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll2014-02-24 13:15 . 2014-02-24 13:15 -------- d-----w- c:\users\Owner\AppData\Local\QuickenWindow2014-02-24 12:43 . 2014-02-24 12:43 -------- d-----w- c:\users\Owner\AppData\Local\IsolatedStorage2014-02-23 18:12 . 2014-02-23 18:44 -------- d-----w- c:\users\Owner\AppData\Roaming\ID3-TagIT 32014-02-23 18:10 . 2014-02-23 18:10 -------- d-----w- c:\program files (x86)\ID3-TagIT 32014-02-23 18:10 . 2014-02-23 18:10 -------- d-----w- c:\programdata\ID3-TagIT 32014-02-23 16:18 . 2014-02-23 16:18 -------- d-----w- c:\program files (x86)\ESET2014-02-23 16:13 . 2014-02-23 16:13 -------- d-----w- C:\OneDriveTemp2014-02-20 01:45 . 2014-02-20 01:53 -------- d-----w- c:\program files (x86)\Quicken2014-02-19 02:49 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll2014-02-19 02:49 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll2014-02-17 00:09 . 2014-02-17 00:09 -------- d-----w- c:\windows\Migration2014-02-17 00:06 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE2014-02-17 00:01 . 2014-02-17 00:01 84992 ----a-w- c:\windows\system32\mshtmled.dll2014-02-12 06:04 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll2014-02-12 06:04 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui2014-02-12 05:55 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll2014-02-12 05:54 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys2014-02-12 05:54 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll2014-02-12 05:54 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll2014-02-12 05:54 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll2014-02-12 05:54 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll2014-02-12 05:37 . 2012-07-25 18:03 16896 ----a-w- c:\windows\system32\sasnative64.exe2014-02-12 05:36 . 2014-02-12 05:36 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-02-12 05:25 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll2014-02-12 05:25 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll2014-02-12 05:25 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll2014-02-12 05:25 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll2014-02-12 05:25 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll2014-02-12 05:25 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll2014-02-12 05:25 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll2014-02-12 05:25 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll2014-02-12 05:25 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll2014-02-12 05:25 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-02-21 21:58 . 2013-02-28 18:19 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-02-21 21:58 . 2012-02-21 13:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-02-12 06:08 . 2010-10-15 21:40 88567024 ----a-w- c:\windows\system32\MRT.exe2014-01-22 01:16 . 2014-01-28 06:50 117024 ----a-w- c:\windows\system32\BootDefrag.exe2014-01-22 01:09 . 2014-01-28 06:50 17088 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys2014-01-21 16:43 . 2014-01-21 12:09 238128 ----a-w- c:\windows\RegBootClean64.exe2014-01-21 11:49 . 2014-01-21 11:49 4229120 ----a-w- c:\program files (x86)\GS_x64.Enabler2014-01-15 03:34 . 2013-06-19 23:30 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr2013-12-21 00:45 . 2013-12-21 00:45 45056 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe2013-12-21 00:45 . 2013-12-21 00:45 45056 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe2013-12-16 00:07 . 2013-12-16 00:07 276256 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys2013-12-13 21:10 . 2011-01-02 19:11 4200744 ----a-w- c:\windows\SysWow64\cdintf400.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2014-02-23 02:27 222920 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2014-02-23 02:27 222920 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2014-02-23 02:27 222920 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 131248 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]@="{D2244D6F-F44D-4A19-8A6E-9B7AACCA4E89}"[HKEY_CLASSES_ROOT\CLSID\{D2244D6F-F44D-4A19-8A6E-9B7AACCA4E89}]2013-10-25 20:14 156456 ----a-w- c:\windows\SysWOW64\cbfsMntNtf4.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MusicManager"="c:\users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-11-12 7380992]"SkyDrive"="c:\users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-02-23 257224]"BDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run"="c:\users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-02-20 859464]"Skitch"="c:\program files (x86)\Evernote\Skitch\Skitch.exe" [2013-12-31 4739392]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-22 39408]"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2014-02-05 77096].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-07-19 703888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"SpUninstallDeleteDir"="rmdir" [X].c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2014-1-28 397664].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe -hidden [2013-6-7 7959552]MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2013-10-2 6444360].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]"{B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD}"= "c:\windows\SysWOW64\cbfsMntNtf4.dll" [2013-10-25 156456].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]"EldosMountNotificator-cbfs4"= {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - c:\windows\SysWOW64\cbfsMntNtf4.dll [2013-10-25 156456].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk * .R2 1a34a8e0;GS.Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys;c:\windows\SYSNATIVE\drivers\DigiartyVirtualCDBus.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]S1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys;c:\windows\SYSNATIVE\drivers\cbfs4.sys [x]S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/02/26 08:23];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys;c:\windows\SYSNATIVE\DRIVERS\tmnciesc.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]S3 vpnpbus;EldoS PnP Virtual Bus driver;c:\windows\system32\DRIVERS\vpnpbus.sys;c:\windows\SYSNATIVE\DRIVERS\vpnpbus.sys [x]..Contents of the 'Scheduled Tasks' folder.2014-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 21:59].2014-02-19 c:\windows\Tasks\GlaryInitialize 4.job- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-01-22 01:15].2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 00:02].2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-08 00:02].2014-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000Core.job- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-07 23:48].2014-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000UA.job- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-07 23:48]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2014-02-23 02:27 261832 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2014-02-23 02:27 261832 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2014-02-23 02:27 261832 ----a-w- c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]2014-01-15 03:39 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]2014-01-15 03:39 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]2014-01-15 03:39 2331336 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ StashNotUploaded]@="{34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3}"[HKEY_CLASSES_ROOT\CLSID\{34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3}]2012-11-03 12:39 862720 ----a-w- c:\program files\Mozy\Stash\StashShell.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ StashPendingChanges]@="{6673BC77-4A7B-4299-A130-14312E6B203A}"[HKEY_CLASSES_ROOT\CLSID\{6673BC77-4A7B-4299-A130-14312E6B203A}]2012-11-03 12:39 862720 ----a-w- c:\program files\Mozy\Stash\StashShell.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ StashUpToDate]@="{04547006-32F5-4635-844B-B8D7FCE47692}"[HKEY_CLASSES_ROOT\CLSID\{04547006-32F5-4635-844B-B8D7FCE47692}]2012-11-03 12:39 862720 ----a-w- c:\program files\Mozy\Stash\StashShell.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]2010-11-04 22:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]2010-11-04 22:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]2010-11-04 22:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]2010-11-04 22:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]2010-11-04 22:57 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.18.84\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.18.84\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.18.84\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]@="{D2244D6F-F44D-4A19-8A6E-9B7AACCA4E89}"[HKEY_CLASSES_ROOT\CLSID\{D2244D6F-F44D-4A19-8A6E-9B7AACCA4E89}]2013-10-25 20:15 182568 ----a-w- c:\windows\System32\cbfsMntNtf4.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2014-01-30 21:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]2013-10-02 13:51 6885192 ----a-w- c:\program files\MozyHome\mozyshell.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]2013-10-02 13:51 6885192 ----a-w- c:\program files\MozyHome\mozyshell.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-12-18 1304296]"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2013-06-08 393216].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]"{B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD}"= "c:\windows\system32\cbfsMntNtf4.dll" [2013-10-25 182568].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1IE: Clip URL - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.htmlIE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105Trusted Zone: marykayintouch.com\applicationsTCP: DhcpNameServer = 75.75.76.76 75.75.75.75FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\FF - ExtSQL: 2014-01-31 11:52; abb@amazon.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\extensions\abb@amazon.com.xpiFF - ExtSQL: 2014-02-10 22:13; {38783831-6098-4faa-A9C9-1EE1E343F4D2}; c:\program files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextensionFF - ExtSQL: 2014-02-13 03:46; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startBHO-{E9F2720A-EB2C-8BC7-D724-EDCB5426CE19} - (no file)SSODL-EldosMountNotificator-cbfs4 REG_SZ {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD}- - (no file)AddRemove-Amazon Browser Settings - c:\program files (x86)\Amazon Browser Bar\uninstaller.exeAddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0} - c:\progra~2\GSB779~1.ENA...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.12".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-02-28 19:24:25ComboFix-quarantined-files.txt 2014-03-01 01:24ComboFix2.txt 2014-02-07 02:56.Pre-Run: 335,082,123,264 bytes freePost-Run: 334,906,843,136 bytes free.- - End Of File - - 5FE6A09B218988CAEAE1B5E0E7968C1AA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
jeffce Posted March 1, 2014 ID:798074 Share Posted March 1, 2014 Yes...sometimes infections can be resilient. How is your system running? Link to post Share on other sites More sharing options...
awriternot Posted March 5, 2014 Author ID:799632 Share Posted March 5, 2014 Seems to be OK. I've been sick the last 3 days so I haven't been on much. Just irritated with this darned Conduit! LOL Link to post Share on other sites More sharing options...
jeffce Posted March 5, 2014 ID:799649 Share Posted March 5, 2014 Are you still seeing Conduit? In what browser(s)? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 8, 2014 Root Admin ID:800677 Share Posted March 8, 2014 Are you still with us? This topic will be closed soon if we do not hear back from you. Link to post Share on other sites More sharing options...
awriternot Posted March 9, 2014 Author ID:800940 Share Posted March 9, 2014 Yes, I'm here. Sigh...I promise.... Link to post Share on other sites More sharing options...
Recommended Posts