
I've seen this come up several times in the forum, so I know you know how to deal with it.  Microsoft Security Essentials appears to be running in the processes, but if I try to open the graphic user interface it appears briefly and then closes.  I have downloaded and run Malwarebytes and run quick and full scans and removed some items, but the problem continues.  Thank you for your help.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.19489  BrowserJavaVersion: 10.25.2
Run by Hairball at 15:57:59 on 2014-02-10
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8156.5774 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe
C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe
C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\runservice.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe
C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-SysMon.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Egnyte Local Cloud\egnyte_local_cloud_client.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-Tray.exe
C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-Autoplay.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Hairball\AppData\Local\Digsby\App\lib\digsby-app.exe
C:\Program Files (x86)\trayit\trayit_4_6_5_5\TrayIt!.exe
C:\Program Files (x86)\Egnyte Local Cloud\egnyte_local_cloud_systray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Hairball\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\Explorer.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




uProxyOverride = localhost; 127.0.0.1; <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
mURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files (x86)\PayPal\PayPal Plug-In\PayPalHelper.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: PayPal Plug-In: {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files (x86)\PayPal\PayPal Plug-In\OToolbar.dll
uRun: [Google Update] "C:\Users\Hairball\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Egnyte Local Cloud] "C:\Program Files (x86)\Egnyte Local Cloud\StartPlc.vbs" systray
StartupFolder: C:\Users\Hairball\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\digsby.lnk - C:\Users\Hairball\AppData\Local\Digsby\App\digsby.exe
StartupFolder: C:\Users\Hairball\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SIDEBA~1.LNK - C:\Program Files (x86)\Windows Sidebar\sidebar.exe
StartupFolder: C:\Users\Hairball\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRAYIT~1.LNK - C:\Program Files (x86)\trayit\trayit_4_6_5_5\TrayIt!.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html



TCP: NameServer = 208.67.220.222 192.168.2.1
TCP: Interfaces\{69C8657C-8380-49AC-9968-AEACC2850F5D} : DHCPNameServer = 208.67.220.222 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg


x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\

FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - component: C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\extensions\allglassv2@ambroos.neowin.net\components\dwmxpcom.dll
FF - component: C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hairball\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hairball\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\Hairball\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Hairball\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Hairball\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 egnyteMon;Egnyte Drive Monitor Service;C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe [2013-9-13 28264]
R2 egnyteSync;Egnyte Synchronizer Service;C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe [2013-9-13 28264]
R2 ExpressInvoiceService;Express Invoice;C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2010-3-17 3002372]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2009-10-22 2560]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-7 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-12-26 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-9 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-9 701512]
R2 Rebit-SaveMe-Svc;Rebit SaveMe Svc;C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe [2011-1-8 2213400]
R2 Rebit-SaveMe-SysMon;Rebit SaveMe SysMon;C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-SysMon.exe [2011-1-8 608280]
R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2011-12-14 334848]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-4-2 306304]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-4-2 126464]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-9 25928]
R3 vuhub;Virtual Usb Hub;C:\Windows\System32\drivers\vuhub.sys [2011-12-14 47616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2011-12-14 38912]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\JGsoft\EditPadPro6\EditPadPro.exe" "%1"
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-02-10 20:26:50    3817    --sha-w-    C:\Windows\SysWow64\mmf.sys
2014-02-04 20:28:50    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-04 20:28:50    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-22 13:08:50    92488    ----a-w-    C:\Windows\System32\LMIinit.dll
2014-01-22 13:08:50    35656    ----a-w-    C:\Windows\System32\LMIport.dll
2014-01-22 13:08:50    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-06 21:20:12    86054176    ----a-w-    C:\Windows\System32\mrt.exe
.
============= FINISH: 15:58:38.32 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/10/2006 6:28:37 PM
System Uptime: 2/10/2014 3:26:00 PM (0 hours ago)
.
Motherboard: Gateway |  | WG43M
Processor: Intel® Core2 Quad CPU    Q8200  @ 2.33GHz | CPU 1 | 2003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 142.028 GiB free.
D: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 217.005 GiB free.
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&1D01FCF&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&1D01FCF&0
Service: i8042prt
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
A1 WMA Splitter
Acrobat.com
Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop Elements
Adobe Shockwave Player 12.0
Adobe SVG Viewer
Agere Systems PCI-SV92EX Soft Modem
Air Video Server 2.4.3
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArgusMonitor
Ask Toolbar
ASUS RT-N56U Wireless Router Utilities
Audacity 1.2.6
bitRipper
BitTorrent
BitTorrentBar Toolbar
Blaze Media Pro
Bonjour
BrettspielWelt
Canon MF Toolbox 4.9.1.1.mf09
Carambis Driver Updater
CDisplay 1.8
Choice Guard
ComicRack v0.9.129
ComicZeal Sync 0.9.4.5
Compatibility Pack for the 2007 Office system
Core Temp 1.0 RC4
CyberLink Power2Go
Data Doctor's Audio Splitter version 2.0.1.5
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DestroyTwitter 2
Digsby
Doxillion Document Converter
Draft Day Sports: Pro Basketball
Draft Day Sports: Pro Basketball 2
Dropbox
Egnyte Application 6.0
Egnyte Personal Local Cloud v7.9.100
Evernote v. 5.1.2
Express Invoice
Express Scribe
f4 3.1.0
Facebook Plug-In
FileZilla Client 3.6.0.2
FlipShare
FOF2k7 Utility Suite
FormatFactory 2.60
Free MP3 WMA Cutter 5.0.2
Front Office Football 2007
Front Office Football Seven
Gateway Games
Gateway Photo Frame 4.2.3.6
Gateway Recovery Management
GOM Player
Google Chrome
Google Gmail Notifier
Google Talk Plugin
Google Toolbar for Internet Explorer
Growl for Windows
Hearts of Iron 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InqScribe 2.0.5
Intel A/V Codecs V2.0
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iPod for Windows User Guide 2.0
iPod Software Updater
iSEEK AnswerWorks English Runtime
iSofter DVD Audio Ripper Deluxe 2.1.2006.828
iTunes
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
Just Great Software EditPad Pro 6 DEMO 6.5.2
KB0817 Keyboard Driver
LAME v3.98.2 for Audacity
Logitech MouseWare 9.41 .1
LogMeIn
LSI PCI-SV92EX Soft Modem
MAGpie2
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIRC
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (6.0)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MUSICMATCH iPod Plug-in
MUSICMATCH® Jukebox
NCH Toolbox
Nettalk 6.7
News File Grabber 4.6.0.3
OLYMPUS CAMEDIA Master 2.0
OpenOffice.org 3.3
Oratrix GRiNS Player for Magpie
OverDrive Media Console
PayPal Plug-In
Pixillion Image Converter
PlayReady PC runtime
POPFile 1.1.1
POPFile Data (Hairball)
Prism Video File Converter
QT Lite 3.1.0
Quicken 2003 Premier Home & Business
Quicken 2008
Quicken 2012
QuickTime
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Rebit SaveMe v3.0.1035.8778
SANYO LD-ADPCM Audio CODEC uninstall
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sony Player Plug-in for Windows Media Player
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Switch Sound File Converter
swMSM
SYSTAT 12
System Requirements Lab CYRI
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VASSAL (3.1.20)
VideoPad Video Editor
VLC media player 2.0.8
VLC Streamer 1.28
WavePad Sound Editor
Win2PDF 7
Win2PDF Font Helper 1.21 (GPL Ghostscript 8.62)
WinDirStat 1.1.2
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Resource Kit Tools - SubInAcl.exe
WinRAR archiver
WinZip 15.0
Wizard101
WMPKeys
WMV To WMA Converter 1.00
WordPerfect Office 12
XNote Stopwatch
XnView 1.97.6
YahELite 330.1
.
==== End Of File ===========================
 


Welcome to the forum.

Please download RogueKiller 32 Bit to your desktop and run it.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


I have tried running RogueKiller several times and it seems to hang after a while of scanning the processes (it automatically starts scanning when I start the program also).  It doesn't always hang at the same point, once at cabinet.dll, another time at NTDSAPI.dll, etc.  Is it normal for it to take a very long time on some of these files?  I'm not sure how long to let it work (I've left it at the same file for about a half an hour at times). 


Do this instead:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

MrC


OK...Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Thanks, I can't access the icon; that's the problem I'm having. The icon disappears if you click on it, and if the program is opened the GUI disappears right away. In the Task Manager I've attempted to stop the service or the process but it says access is denied. I'll just try anyway, and if that doesn't work, try Safe Mode maybe.


ComboFix 14-02-05.02 - Hairball 02/10/2014  21:58:00.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8156.6287 [GMT -5:00]
Running from: c:\users\Hairball\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Hairball\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\Hairball\AppData\Roaming\Microsoft\Windows\Recent\Grief and Art.docx
c:\windows\SysWow64\Memman.vxd
c:\windows\SysWow64\skinboxer43.dll
c:\windows\wininit.ini
c:\windows\YAHELITE.INI
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-11 to 2014-02-11  )))))))))))))))))))))))))))))))
.
.
2014-02-10 18:24 . 2013-12-04 00:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{797B31C0-FDFE-4C73-A34F-07B87EB97D2C}\mpengine.dll
2014-02-09 17:57 . 2014-02-09 17:57    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38858A0E-BC98-4692-8267-B9C6B24CC238}\gapaengine.dll
2014-02-09 17:57 . 2013-12-04 00:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-09 17:55 . 2014-02-09 17:55    --------    d-----w-    c:\users\Hairball\AppData\Roaming\Malwarebytes
2014-02-09 17:55 . 2014-02-09 17:55    --------    d-----w-    c:\programdata\Malwarebytes
2014-02-09 17:55 . 2014-02-09 17:55    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-09 17:55 . 2013-04-04 19:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-02-09 17:49 . 2014-02-09 17:49    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2014-02-09 17:49 . 2014-02-09 17:49    --------    d-----w-    c:\program files\Microsoft Security Client
2014-02-09 16:53 . 2014-02-09 16:53    --------    d-----w-    c:\windows\Migration
2014-02-01 16:23 . 2014-02-01 16:23    --------    d-----w-    c:\program files (x86)\WinDirStat
2014-01-30 13:30 . 2014-01-30 13:30    --------    d-----w-    c:\program files (x86)\Evernote
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-04 20:28 . 2012-04-02 14:23    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-04 20:28 . 2011-05-28 02:31    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-22 13:08 . 2011-12-27 02:22    35656    ----a-w-    c:\windows\system32\LMIport.dll
2014-01-22 13:08 . 2011-12-27 02:22    107368    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2014-01-22 13:08 . 2011-12-27 02:22    92488    ----a-w-    c:\windows\system32\LMIinit.dll
2014-01-19 07:33 . 2009-10-21 02:18    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-06 21:20 . 2006-11-02 12:35    86054176    ----a-w-    c:\windows\system32\mrt.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Hairball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Hairball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Hairball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\Hairball\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2014-02-01 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"Egnyte Local Cloud"="c:\program files (x86)\Egnyte Local Cloud\StartPlc.vbs" [2013-09-13 12191]
.
c:\users\Hairball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
digsby.lnk - c:\users\Hairball\AppData\Local\Digsby\App\digsby.exe [2010-4-2 141488]
sidebar.exe - Shortcut.lnk - c:\program files (x86)\Windows Sidebar\sidebar.exe [2009-12-3 1233920]
TrayIt!.exe - Shortcut.lnk - c:\program files (x86)\trayit\trayit_4_6_5_5\TrayIt!.exe [2012-6-13 204800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17818757
*Deregistered* - 17818757
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:28]
.
2014-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537762183-2906929975-913101168-1000Core.job
- c:\users\Hairball\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-08 16:30]
.
2014-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537762183-2906929975-913101168-1000UA.job
- c:\users\Hairball\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-08 16:30]
.
2014-02-11 c:\windows\Tasks\User_Feed_Synchronization-{17F8435C-9AE6-464A-A0CC-3EEF04119937}.job
- c:\windows\system32\msfeedssync.exe [2013-12-12 04:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ _001EgnyteOk]
@="{3A87EE91-AED7-46E9-B8A3-5360628BA718}"
[HKEY_CLASSES_ROOT\CLSID\{3A87EE91-AED7-46E9-B8A3-5360628BA718}]
2013-09-13 20:26    919656    ----a-w-    c:\program files (x86)\Egnyte Local Cloud\Extensions\EgnyteExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ _002EgnytePending]
@="{32C0A1F2-A6AA-41FB-906A-C8FB4436B2B3}"
[HKEY_CLASSES_ROOT\CLSID\{32C0A1F2-A6AA-41FB-906A-C8FB4436B2B3}]
2013-09-13 20:26    919656    ----a-w-    c:\program files (x86)\Egnyte Local Cloud\Extensions\EgnyteExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ _003EgnyteError]
@="{6C86A3CE-0F44-4C8A-8A3E-34B68ECD30A7}"
[HKEY_CLASSES_ROOT\CLSID\{6C86A3CE-0F44-4C8A-8A3E-34B68ECD30A7}]
2013-09-13 20:26    919656    ----a-w-    c:\program files (x86)\Egnyte Local Cloud\Extensions\EgnyteExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Hairball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Hairball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Hairball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\Hairball\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-10 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All by ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files (x86)\ASUS\RT-N56U Wireless Router Utilities\ASDownload.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.67.220.222 192.168.2.1
FF - ProfilePath - c:\users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
SafeBoot-17818757.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rebit-SaveMe-Svc]
"ImagePath"="c:\program files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-02-10  22:19:37
ComboFix-quarantined-files.txt  2014-02-11 03:19
.
Pre-Run: 148,874,940,416 bytes free
Post-Run: 151,504,252,928 bytes free
.
- - End Of File - - CFE70BFBED3990817CF54A498B3CFCBE
8F558EB6672622401DA993E1E865C861
 

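Reading a ComboFix log by eye is where mistakes happen, so here is an added Python example (my own code, not ComboFix's and not part of this thread) that parses the "Reg Loading Points" section format shown in the log above and flags the items a reviewer would check first: the EnableLUA=0 policy value (UAC switched off), Run entries that launch scripts rather than binaries, and autoruns that live under AppData or Temp. The sample input is a constructed excerpt modeled on lines from the log above; the flag names and the Autorun/Triage structures are my own.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.
Added example, not ComboFix code or part of this thread; flag names are my own."""
import ntpath
import re
from dataclasses import dataclass, field

# Extensions that mean the autorun is a script rather than a compiled binary.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".hta"}

# Constructed excerpt in the shape of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\program files (x86)\Spotify\Data\SpotifyWebHelper.exe" [2014-02-01 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Egnyte Local Cloud"="c:\program files (x86)\Egnyte Local Cloud\StartPlc.vbs" [2013-09-13 12191]
.
c:\users\Hairball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
digsby.lnk - c:\users\Hairball\AppData\Local\Digsby\App\digsby.exe [2010-4-2 141488]
sidebar.exe - Shortcut.lnk - c:\program files (x86)\Windows Sidebar\sidebar.exe [2009-12-3 1233920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")                       # [HKEY_...] header
STARTUP_DIR_RE = re.compile(r"^[A-Za-z]:\\.*\\Startup\\$")                # Startup folder header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$')
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s+\(0x[0-9A-Fa-f]+\)$')

@dataclass
class Autorun:
    location: str            # registry key or Startup folder the entry lives in
    name: str                # value name or .lnk file name
    path: str                # file ComboFix resolved the entry to
    date: str
    size: int
    flags: list = field(default_factory=list)

@dataclass
class Triage:
    autoruns: list = field(default_factory=list)
    policies: dict = field(default_factory=dict)   # values under policies\system
    flags: list = field(default_factory=list)      # system-wide findings

def _flag_path(entry: Autorun) -> None:
    """Attach flags that depend only on what the autorun points at."""
    low = entry.path.lower()
    if ntpath.splitext(low)[1] in SCRIPT_EXTENSIONS:
        entry.flags.append("script-autorun")
    if "\\appdata\\" in low or "\\temp\\" in low:
        entry.flags.append("user-writable-path")

def parse_loading_points(text: str) -> Triage:
    """Parse ComboFix 'Reg Loading Points' lines; lines of other shapes are skipped."""
    result = Triage()
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            location = key.group("key")
            continue
        if STARTUP_DIR_RE.match(line):
            location = line
            continue
        entry = VALUE_RE.match(line) or LNK_RE.match(line)
        if entry and location:
            autorun = Autorun(location, entry.group("name"), entry.group("path"), entry.group("date"), int(entry.group("size")))
            _flag_path(autorun)
            result.autoruns.append(autorun)
            continue
        policy = POLICY_RE.match(line)
        if policy and location and location.lower().endswith("\\policies\\system"):
            result.policies[policy.group("name")] = int(policy.group("value"))
    if result.policies.get("EnableLUA") == 0:
        result.flags.append("uac-disabled")
    return result

def report(triage: Triage) -> list:
    """One line per finding, system-wide policy problems first."""
    lines = []
    if "uac-disabled" in triage.flags:
        lines.append("EnableLUA=0: UAC is off, so an admin account runs everything fully elevated with no consent prompt")
    for a in triage.autoruns:
        if a.flags:
            lines.append(f"{a.name} -> {a.path} [{', '.join(a.flags)}] in {a.location}")
    return lines

if __name__ == "__main__":
    for finding in report(parse_loading_points(SAMPLE_LOG)):
        print(finding)
```

A whole ComboFix log can be fed to parse_loading_points unchanged, since only lines in the autorun, Startup-folder and policy shapes are picked up.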

Do this just to make sure there's no adware on the system:

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


Here is the AdwCleaner Report

 

# AdwCleaner v3.018 - Report created 11/02/2014 at 10:59:23
# Updated 28/01/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Hairball - SLIM
# Running from : C:\Users\Hairball\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\Program Files (x86)\Ask.com
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\BitTorrentBar
[!] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[!] Folder Deleted : C:\Users\Hairball\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Hairball\AppData\Local\PackageAware
[!] Folder Deleted : C:\Users\Hairball\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\Hairball\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Hairball\AppData\LocalLow\ConduitEngine
[!] Folder Deleted : C:\Users\Hairball\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\Hairball\AppData\LocalLow\BitTorrentBar
[!] Folder Deleted : C:\Users\Commanda\AppData\LocalLow\BitTorrentBar
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E751F420-C094-4248-817A-D0D5C53F9534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E751F420-C094-4248-817A-D0D5C53F9534}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E751F420-C094-4248-817A-D0D5C53F9534}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28685DA1-DBF1-4C97-B528-81987C5C2325}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C348FAAD-570C-4375-B04F-C0D2731FF66D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitTorrentBar Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19489


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\prefs.js ]

Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

[ File : C:\Users\Commanda\AppData\Roaming\Mozilla\Firefox\Profiles\kko7o15w.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8096 octets] - [11/02/2014 10:56:32]
AdwCleaner[s0].txt - [6749 octets] - [11/02/2014 10:59:23]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6809 octets] ##########
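The report above is AdwCleaner's own output. As an added example, not part of the original thread and not AdwCleaner's code, the Python script below parses that report format into structured entries, counts what was removed per section and object kind, attributes each entry to an adware family with a keyword heuristic, and correlates product GUIDs that turn up in more than one place. In the posted log the MSI product code {86D4B82A-ABED-442A-BE86-96357B70F4FE} appears as an installer folder, an Uninstall key, an ARPCache key and, in the packed form Windows Installer uses under Installer\Products, as A28B4D68DEBAA244EB686953B7074FEF; seeing that they are one install rather than four leftovers is the kind of check the "look over the log" step is for. The embedded sample is an excerpt of the posted report; the family keyword table is this example's assumption, not an AdwCleaner field.

```python
"""Parse an AdwCleaner v3 report and summarise what it removed."""
import re
from collections import Counter, defaultdict
# Constructed sample: an excerpt of the AdwCleaner[S0].txt posted above.
SAMPLE_REPORT = r"""# AdwCleaner v3.018 - Report created 11/02/2014 at 10:59:23
# Option : Clean

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\Program Files (x86)\Ask.com
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\BitTorrentBar
[!] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[!] Folder Deleted : C:\Users\Hairball\AppData\LocalLow\PriceGong
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E751F420-C094-4248-817A-D0D5C53F9534}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E751F420-C094-4248-817A-D0D5C53F9534}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E751F420-C094-4248-817A-D0D5C53F9534}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Mozilla Firefox v27.0 (en-US)

Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?:\[!\] )?(Folder|File|Key|Value|Line) (Deleted|Found) : (.*)$")
HEADER_RE = re.compile(r"^# (Option|Operating System) : (.*)$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
PACKED_RE = re.compile(r"Installer\\Products\\([0-9A-F]{32})", re.I)
# Family attribution is this example's keyword heuristic, not an AdwCleaner field.
FAMILIES = [
    ("Ask/APN", re.compile(r"ask\.com|asktoolbar|ask toolbar|\bapn\b", re.I)),
    ("Conduit", re.compile(r"conduit", re.I)),
    ("BitTorrentBar", re.compile(r"bittorrentbar", re.I)),
    ("PriceGong", re.compile(r"pricegong", re.I)),
]

def parse_report(text):
    """Return (headers, entries); each entry is (section, kind, action, target)."""
    headers, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            headers[m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif (m := ENTRY_RE.match(line)) and section:
            entries.append((section, m.group(1), m.group(2), m.group(3)))
    return headers, entries

def attribute(target):
    """Name the adware family a removed path or key most likely belongs to."""
    for name, pattern in FAMILIES:
        if pattern.search(target):
            return name
    return "unattributed"

def unpack_msi_guid(packed):
    """Installer\\Products stores the MSI product code with the first three GUID
    groups reversed and the byte pairs of the last two swapped; undo that."""
    tail = "".join(packed[i + 1] + packed[i] for i in range(16, 32, 2))
    return "{%s-%s-%s-%s-%s}" % (packed[:8][::-1], packed[8:12][::-1],
                                 packed[12:16][::-1], tail[:4], tail[4:])

def summarize(entries):
    """Counts per section, kind and family, plus GUIDs seen at more than one
    location (packed Installer\\Products codes are normalised first)."""
    sites = defaultdict(list)
    for _section, _kind, _action, target in entries:
        guids = GUID_RE.findall(target) + [unpack_msi_guid(p) for p in PACKED_RE.findall(target)]
        for guid in guids:
            sites[guid.upper()].append(target)
    return {
        "by_section": Counter(e[0] for e in entries),
        "by_kind": Counter(e[1] for e in entries),
        "by_family": Counter(attribute(e[3]) for e in entries),
        "shared_guids": {g: t for g, t in sites.items() if len(t) > 1},
    }

if __name__ == "__main__":
    headers, entries = parse_report(SAMPLE_REPORT)
    summary = summarize(entries)
    print(headers.get("Option"), "run:", len(entries), "entries", dict(summary["by_family"]))
    for guid, targets in summary["shared_guids"].items():
        print(guid, "seen at", len(targets), "locations")
```

Run it against a full AdwCleaner[R0].txt before clicking Clean: the "unattributed" bucket is the list to read by hand, and a GUID that appears under Uninstall but nowhere else is the one worth confirming before removal.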

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.11.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19489
Hairball :: SLIM [administrator]

Protection: Enabled

2/11/2014 12:57:59 PM
mbam-log-2014-02-11 (12-57-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249112
Time elapsed: 9 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:
  • Bottom right corner of this page (screenshot: reply1.jpg).
  • New window that comes up (screenshot: replyer1.jpg).

MrC

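What the helper does with the FRST.txt that comes back is read the whitelisted autoruns, BHOs, search providers and DNS settings for anything that does not belong. As an added example, not part of the original thread and not Farbar's code, the Python script below parses those FRST line formats and applies four first-pass checks: autorun entries whose publisher field is empty (FRST prints the company name from the file's version information in the trailing parentheses, so `()` means the file carries none), BHOs whose file is missing ("No File") or has no publisher, Internet Explorer start page and search scope URLs whose host is not on an allowlist of providers the user is expected to use, and DHCP-assigned DNS servers outside private address space. The sample lines are an abridged excerpt of the FRST log posted below; the allowlist is this example's assumption, and a flagged entry is a candidate for review, not a verdict.

```python
"""First-pass triage of FRST.txt autorun, BHO, search-provider and DNS lines."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: abridged lines in FRST's own output format, taken from
# the log posted in this thread (long search URLs shortened).
SAMPLE_FRST = r"""
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Egnyte Local Cloud] - C:\Program Files (x86)\Egnyte Local Cloud\StartPlc.vbs [12191 2013-09-13] ()
HKU\S-1-5-21-2537762183-2906929975-913101168-1000\...\Run: [spotify Web Helper] - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-01] (Spotify Ltd)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}
SearchScopes: HKCU - {BADA0CF7-CD8D-4ADE-9F88-F141D810105F} URL = http://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10111&src=crm&q={searchTerms}
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files (x86)\PayPal\PayPal Plug-In\PayPalHelper.dll ()
Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 192.168.2.1
"""

# Hosts the user is expected to reach for search/home pages: an assumption of
# this example (the OEM home page plus the Microsoft and Google defaults in the log).
ALLOWED_SEARCH_HOSTS = {"www.google.com", "search.live.com", "www.microsoft.com", "homepage.gateway.com"}

RUN_RE = re.compile(r"^(HK\S*?\\\.\.\.\\Run): \[(.+?)\] - (.+?) \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")
BHO_RE = re.compile(r"^BHO(?:-x32)?: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
URL_RE = re.compile(r"^(?:SearchScopes: .+? URL|HK.+?\\Main,(?:Start Page|Search Page|Default_Page_URL)) = (\S+)$")
DNS_RE = re.compile(r"^Tcpip\\Parameters: \[(?:Dhcp)?NameServer\] (.+)$")

def triage(text, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return the entries an analyst should look at first, grouped by check."""
    out = {"autoruns_no_publisher": [], "bho_no_file": [], "bho_no_publisher": [],
           "search_urls_flagged": [], "public_dns": []}
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, name, path, _size, _date, publisher = m.groups()
            if not publisher:  # FRST prints "()" when the file has no company name
                out["autoruns_no_publisher"].append((hive, name, path))
        elif m := BHO_RE.match(line):
            name, clsid, rest = m.group(1), m.group(2), m.group(3).strip()
            if rest.endswith("No File"):   # CLSID registered, DLL gone: orphan
                out["bho_no_file"].append((name, clsid))
            elif rest.endswith("()"):      # DLL present but no publisher recorded
                out["bho_no_publisher"].append((name, clsid))
        elif m := URL_RE.match(line):
            url = m.group(1)
            host = urlsplit(url).hostname or ""
            if host not in allowed_hosts:
                out["search_urls_flagged"].append((host, url))
        elif m := DNS_RE.match(line):
            for ip in m.group(1).split():
                if not ipaddress.ip_address(ip).is_private:
                    out["public_dns"].append(ip)
    return out

if __name__ == "__main__":
    for check, hits in triage(SAMPLE_FRST).items():
        print(f"{check}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

On the sample this flags the Egnyte VBScript autorun (no publisher), the two BHOs whose DLLs are gone, the PayPal helper with no publisher string, the Yahoo start page and the Ask search scope, and the one public resolver handed out by DHCP. None of these is a finding on its own; they are the lines to confirm against what the user installed on purpose.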

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Hairball (administrator) on SLIM on 11-02-2014 19:43:45
Running from C:\Users\Hairball\Downloads
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Windows\MHotKey.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe
(Chicony) C:\Windows\ChiFuncExt.exe
() C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe
(NCH Software) C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Egnyte Local Cloud\egnyte_local_cloud_client.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Igor Nys) C:\Program Files (x86)\trayit\trayit_4_6_5_5\TrayIt!.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Egnyte Local Cloud\egnyte_local_cloud_systray.exe
() C:\Windows\runservice.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Rebit, Inc.) C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe
(dotSyntax, LLC) C:\Users\Hairball\AppData\Local\Digsby\App\lib\digsby-app.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Rebit, Inc.) C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-SysMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Rebit, Inc.) C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-Autoplay.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Rebit, Inc.) C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-Tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google) C:\Users\Hairball\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(NCH Software) C:\Program Files (x86)\NCH Software\Scribe\scribe.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Just Great Software) C:\Program Files (x86)\JGsoft\EditPadPro6\EditPadPro.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7212576 2009-03-10] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [Egnyte Local Cloud] - C:\Program Files (x86)\Egnyte Local Cloud\StartPlc.vbs [12191 2013-09-13] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2537762183-2906929975-913101168-1000\...\Run: [spotify Web Helper] - C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-01] (Spotify Ltd)
Startup: C:\Users\Hairball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\digsby.lnk
ShortcutTarget: digsby.lnk -> C:\Users\Hairball\AppData\Local\Digsby\App\digsby.exe ()
Startup: C:\Users\Hairball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.exe - Shortcut.lnk
ShortcutTarget: sidebar.exe - Shortcut.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\Hairball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrayIt!.exe - Shortcut.lnk
ShortcutTarget: TrayIt!.exe - Shortcut.lnk -> C:\Program Files (x86)\trayit\trayit_4_6_5_5\TrayIt!.exe (Igor Nys)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1006&m=sx2800
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - {0B3FAF24-FCFB-41E5-8F19-4272919850BE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS350
SearchScopes: HKCU - {BADA0CF7-CD8D-4ADE-9F88-F141D810105F} URL = http://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10111&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A5M&apn_dtid=^YYYYYY^YY^US&apn_uid=c1324b9f-894e-4c5b-bd3e-5daa57006038&apn_sauid=E07F561A-EF35-4CB7-8E7C-5B44741BDFF4&
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files (x86)\PayPal\PayPal Plug-In\PayPalHelper.dll ()
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files (x86)\PayPal\PayPal Plug-In\OToolbar.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default

FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Hairball\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Hairball\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Hairball\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Hairball\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hairball\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hairball\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Hairball\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Hairball\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Hairball\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Logitech Device Detection (Bulgarian display name: Разпознаване на устройство Logitech) - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\DeviceDetection@logitech.com [2012-05-23]
FF Extension: FireGestures - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\firegestures@xuldev(33).org [2010-04-28]
FF Extension: Pocket - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\isreaditlater@ideashower.com [2013-10-07]
FF Extension: FT SilverGlow - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{014fe8e0-6553-11e0-ae3e-0800200c9a66} [2012-05-12]
FF Extension: Adblock Plus - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(34) [2010-05-02]
FF Extension: Evernote Web Clipper - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-20]
FF Extension: Memory Fox - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2011-11-05]
FF Extension: feedly - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\feedly@devhd.xpi [2013-04-15]
FF Extension: FireGestures - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\firegestures@xuldev.org.xpi [2011-03-28]
FF Extension: Powerbot for Gmail - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\jid0-Gu3lzMw3hqznaoxcf4eHdMPBN9c@jetpack.xpi [2013-03-12]
FF Extension: Most Recent Tab - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\jid0-LWzdpvwYVlFi9mYfHgWxSB6aFEY@jetpack.xpi [2013-10-07]
FF Extension: Lazarus: Form Recovery - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\lazarus@interclue.com.xpi [2011-03-25]
FF Extension: NoSquint - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\nosquint@urandom.ca.xpi [2013-03-26]
FF Extension: Clearly - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\readable@evernote.com.xpi [2013-03-12]
FF Extension: No Name - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-06-06]
FF Extension: Zotero - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\zotero@chnm.gmu.edu.xpi [2013-10-07]
FF Extension: Stylish - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2011-11-13]
FF Extension: Scribblies Plain - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{558D3F58-1E89-4fe2-A1F1-5EADC7BC77CB}.xpi [2012-05-06]
FF Extension: NoScript - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-25]
FF Extension: LJlogin - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}.xpi [2011-08-30]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-09-07]
FF Extension: FXChrome - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2011-12-14]
FF Extension: Shine Bright Skin Aero - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi [2012-01-31]
FF Extension: Adblock Plus - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-26]
FF Extension: Download Statusbar - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-10-29]
FF Extension: Tab Mix Plus - C:\Users\Hairball\AppData\Roaming\Mozilla\Firefox\Profiles\n1mkmthn.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-05]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [paypalfirefoxplugin@orbiscom] - C:\Program Files (x86)\PayPal\PayPal Plug-In
FF Extension: PayPal Plug-In for Firefox - C:\Program Files (x86)\PayPal\PayPal Plug-In [2009-12-30]

Chrome:
=======

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Hairball\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Hairball\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Hairball\AppData\Local\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (chromeTray Dynamic Link Library) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkfenalijoglfhgpchdegciehdlinkh\1.1.3.45\chromeTray.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Hairball\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Hairball\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-02-07]
CHR Extension: (Mouse Stroke) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaoofnhgocdbnbeljkmbjdmhbcokfdb [2010-02-08]
CHR Extension: (4chan X) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\cellaaeoekimmemgdheibaibbaoeefbl [2013-12-08]
CHR Extension: (PanicButton) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2013-07-28]
CHR Extension: (AdBlock) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2010-02-09]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2010-12-29]
CHR Extension: (iqdb.org Quick Image Search) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpadpgmgflopmiecocggaegoojdfdino [2010-06-04]
CHR Extension: (Smooth Gestures) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2013-05-03]
CHR Extension: (Poppit) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-02-07]
CHR Extension: (Google Wallet) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Hover Zoom) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2012-11-20]
CHR Extension: (Minimize Chrome to tray) - C:\Users\Hairball\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkfenalijoglfhgpchdegciehdlinkh [2010-02-08]
CHR StartMenuInternet: Google Chrome - C:\Users\Hairball\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 egnyteMon; C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe [28264 2013-09-13] ()
R2 egnyteSync; C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe [28264 2013-09-13] ()
R2 ExpressInvoiceService; C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [3002372 2012-02-13] (NCH Software)
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] ()
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2009-10-22] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-22] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-22] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NMSAccess; C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe [71096 2009-01-12] ()
R2 Rebit-SaveMe-Svc; C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-Svc.exe [2213400 2010-07-01] (Rebit, Inc.)
R2 Rebit-SaveMe-SysMon; C:\Program Files (x86)\Rebit-SaveMe\bin\Rebit-SaveMe-SysMon.exe [608280 2010-07-01] (Rebit, Inc.)
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] ()
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

S3 ArgusMonitor; C:\Windows\SysWow64\drivers\ArgusMonitor.sys [61600 2011-12-01] (Argotronic UG (haftungsbeschraenkt))
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [16512 2006-12-12] (Adaptec)
S1 Beep; No ImagePath
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 mrtRate; No ImagePath
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2011-02-07] (MediaMall Technologies, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-16] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 l8042pr2; C:\Windows\SysWOW64\Drivers\l8042pr2.sys [50432 2001-09-19] (Logitech)
U5 lhidflt2; C:\Windows\SysWOW64\Drivers\lhidflt2.sys [22064 2001-09-19] (Logitech)
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 19:43 - 2014-02-11 19:44 - 00030340 _____ () C:\Users\Hairball\Downloads\FRST.txt
2014-02-11 19:43 - 2014-02-11 19:43 - 00000000 ____D () C:\FRST
2014-02-11 19:40 - 2014-02-11 19:40 - 02151424 _____ (Farbar) C:\Users\Hairball\Downloads\FRST64.exe
2014-02-11 10:56 - 2014-02-11 10:59 - 00000000 ____D () C:\AdwCleaner
2014-02-11 10:22 - 2014-02-11 10:22 - 01166132 _____ () C:\Users\Hairball\Downloads\AdwCleaner.exe
2014-02-11 09:08 - 2014-02-11 09:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-11 09:08 - 2014-02-11 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-11 09:04 - 2014-02-11 09:05 - 13670584 _____ (Microsoft Corporation) C:\Users\Hairball\Downloads\mseinstall.exe
2014-02-11 09:04 - 2014-02-11 09:04 - 00001212 _____ () C:\FixitRegBackup.reg
2014-02-11 09:03 - 2014-02-11 09:03 - 00899584 _____ () C:\Users\Hairball\Downloads\MicrosoftFixit50535.msi
2014-02-10 22:22 - 2009-11-04 22:40 - 00000000 ____D () C:\Users\Hairball\Downloads\Fix MSE
2014-02-10 22:19 - 2014-02-10 22:19 - 00027019 _____ () C:\ComboFix.txt
2014-02-10 22:10 - 2014-02-10 22:10 - 00000000 ____D () C:\Users\Hairball\AppData\Local\CrashDumps
2014-02-10 21:54 - 2014-02-10 22:19 - 00000000 ____D () C:\Qoobox
2014-02-10 21:54 - 2014-02-10 22:17 - 00000000 ____D () C:\Windows\erdnt
2014-02-10 21:54 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-10 21:54 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-10 21:54 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-10 21:54 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-10 21:54 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-10 21:54 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-10 21:54 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-10 21:54 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-10 21:43 - 2014-02-10 21:43 - 05180173 ____R (Swearware) C:\Users\Hairball\Desktop\ComboFix.exe
2014-02-10 21:11 - 2014-02-10 21:11 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Hairball\Downloads\tdsskiller.exe
2014-02-10 16:47 - 2014-02-10 17:58 - 00000000 ____D () C:\Users\Hairball\Desktop\RK_Quarantine
2014-02-10 16:46 - 2014-02-10 16:47 - 04403200 _____ () C:\Users\Hairball\Downloads\RogueKillerX64.exe
2014-02-10 16:46 - 2014-02-10 16:46 - 03809792 _____ () C:\Users\Hairball\Downloads\RogueKiller.exe
2014-02-10 15:59 - 2014-02-10 15:59 - 00009119 _____ () C:\Users\Hairball\Desktop\attach.txt
2014-02-10 15:59 - 2014-02-10 15:58 - 00019357 _____ () C:\Users\Hairball\Desktop\dds.txt
2014-02-09 13:32 - 2014-02-09 13:32 - 00688992 ____R (Swearware) C:\Users\Hairball\Desktop\dds.com
2014-02-09 12:55 - 2014-02-09 12:55 - 00000000 ____D () C:\Users\Hairball\AppData\Roaming\Malwarebytes
2014-02-09 12:55 - 2014-02-09 12:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 12:55 - 2014-02-09 12:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 12:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-09 12:52 - 2014-02-09 12:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hairball\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-09 12:07 - 2014-02-09 12:07 - 00010721 _____ () C:\Users\Hairball\Downloads\testfile.com
2014-02-09 12:06 - 2014-02-09 12:07 - 24859352 _____ (Microsoft Corporation) C:\Users\Hairball\Downloads\Windows-KB890830-x64-V5.8.exe
2014-02-09 12:03 - 2014-02-09 12:04 - 12217544 _____ (OPSWAT, Inc.) C:\Users\Hairball\Downloads\AppRemover.exe
2014-02-05 23:05 - 2014-02-05 23:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-01 11:23 - 2014-02-01 11:23 - 00645729 _____ (WDS Team) C:\Users\Hairball\Downloads\windirstat1_1_2_setup.exe
2014-02-01 11:23 - 2014-02-01 11:23 - 00000000 ____D () C:\Users\Hairball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-02-01 11:23 - 2014-02-01 11:23 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-01-30 08:30 - 2014-01-30 08:30 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-01-23 16:16 - 2014-01-23 16:18 - 54900736 _____ () C:\Users\Hairball\Downloads\FOF7Install.msi
2014-01-13 21:15 - 2014-01-17 14:43 - 00013320 _____ () C:\Users\Hairball\Documents\TTA Plans.ods

==================== One Month Modified Files and Folders =======

2014-02-11 19:44 - 2014-02-11 19:43 - 00030340 _____ () C:\Users\Hairball\Downloads\FRST.txt
2014-02-11 19:43 - 2014-02-11 19:43 - 00000000 ____D () C:\FRST
2014-02-11 19:42 - 2006-11-02 10:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 19:42 - 2006-11-02 10:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 19:40 - 2014-02-11 19:40 - 02151424 _____ (Farbar) C:\Users\Hairball\Downloads\FRST64.exe
2014-02-11 19:38 - 2006-10-10 17:27 - 01905971 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 19:32 - 2010-02-08 11:30 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537762183-2906929975-913101168-1000UA.job
2014-02-11 19:30 - 2013-07-03 13:24 - 00000000 ____D () C:\Users\Hairball\AppData\Roaming\EgnyteLocalCloud
2014-02-11 19:28 - 2012-04-02 09:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 18:32 - 2010-02-08 11:30 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2537762183-2906929975-913101168-1000Core.job
2014-02-11 16:20 - 2010-01-03 14:12 - 00004068 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17F8435C-9AE6-464A-A0CC-3EEF04119937}
2014-02-11 16:20 - 2010-01-03 14:12 - 00000436 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{17F8435C-9AE6-464A-A0CC-3EEF04119937}.job
2014-02-11 15:06 - 2009-10-21 08:35 - 00000000 ____D () C:\Users\Hairball\Documents\Business
2014-02-11 14:15 - 2009-10-22 13:04 - 00000000 ____D () C:\Users\Hairball\AppData\Roaming\mIRC
2014-02-11 14:12 - 2009-04-02 03:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 14:10 - 2009-10-22 13:04 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-02-11 13:44 - 2009-10-20 23:01 - 00000000 ____D () C:\Users\Hairball\AppData\Local\Digsby
2014-02-11 13:42 - 2009-10-22 22:28 - 00003817 ___SH () C:\Windows\SysWOW64\mmf.sys
2014-02-11 13:42 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 13:41 - 2006-11-02 10:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-11 10:59 - 2014-02-11 10:56 - 00000000 ____D () C:\AdwCleaner
2014-02-11 10:55 - 2010-03-17 13:04 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-02-11 10:22 - 2014-02-11 10:22 - 01166132 _____ () C:\Users\Hairball\Downloads\AdwCleaner.exe
2014-02-11 09:08 - 2014-02-11 09:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-11 09:08 - 2014-02-11 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-11 09:08 - 2011-01-31 10:43 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-11 09:05 - 2014-02-11 09:04 - 13670584 _____ (Microsoft Corporation) C:\Users\Hairball\Downloads\mseinstall.exe
2014-02-11 09:04 - 2014-02-11 09:04 - 00001212 _____ () C:\FixitRegBackup.reg
2014-02-11 09:03 - 2014-02-11 09:03 - 00899584 _____ () C:\Users\Hairball\Downloads\MicrosoftFixit50535.msi
2014-02-11 08:08 - 2011-12-26 21:22 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-02-10 23:07 - 2008-01-20 22:26 - 00625898 _____ () C:\Windows\PFRO.log
2014-02-10 22:19 - 2014-02-10 22:19 - 00027019 _____ () C:\ComboFix.txt
2014-02-10 22:19 - 2014-02-10 21:54 - 00000000 ____D () C:\Qoobox
2014-02-10 22:19 - 2006-11-02 08:33 - 00000000 __RHD () C:\Users\Default
2014-02-10 22:17 - 2014-02-10 21:54 - 00000000 ____D () C:\Windows\erdnt
2014-02-10 22:16 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-10 22:10 - 2014-02-10 22:10 - 00000000 ____D () C:\Users\Hairball\AppData\Local\CrashDumps
2014-02-10 21:43 - 2014-02-10 21:43 - 05180173 ____R (Swearware) C:\Users\Hairball\Desktop\ComboFix.exe
2014-02-10 21:11 - 2014-02-10 21:11 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Hairball\Downloads\tdsskiller.exe
2014-02-10 18:27 - 2010-02-08 11:30 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2537762183-2906929975-913101168-1000UA
2014-02-10 18:27 - 2010-02-08 11:30 - 00003504 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2537762183-2906929975-913101168-1000Core
2014-02-10 17:58 - 2014-02-10 16:47 - 00000000 ____D () C:\Users\Hairball\Desktop\RK_Quarantine
2014-02-10 16:47 - 2014-02-10 16:46 - 04403200 _____ () C:\Users\Hairball\Downloads\RogueKillerX64.exe
2014-02-10 16:46 - 2014-02-10 16:46 - 03809792 _____ () C:\Users\Hairball\Downloads\RogueKiller.exe
2014-02-10 15:59 - 2014-02-10 15:59 - 00009119 _____ () C:\Users\Hairball\Desktop\attach.txt
2014-02-10 15:58 - 2014-02-10 15:59 - 00019357 _____ () C:\Users\Hairball\Desktop\dds.txt
2014-02-09 13:32 - 2014-02-09 13:32 - 00688992 ____R (Swearware) C:\Users\Hairball\Desktop\dds.com
2014-02-09 12:55 - 2014-02-09 12:55 - 00000000 ____D () C:\Users\Hairball\AppData\Roaming\Malwarebytes
2014-02-09 12:55 - 2014-02-09 12:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 12:55 - 2014-02-09 12:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-09 12:52 - 2014-02-09 12:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hairball\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-09 12:07 - 2014-02-09 12:07 - 00010721 _____ () C:\Users\Hairball\Downloads\testfile.com
2014-02-09 12:07 - 2014-02-09 12:06 - 24859352 _____ (Microsoft Corporation) C:\Users\Hairball\Downloads\Windows-KB890830-x64-V5.8.exe
2014-02-09 12:04 - 2014-02-09 12:03 - 12217544 _____ (OPSWAT, Inc.) C:\Users\Hairball\Downloads\AppRemover.exe
2014-02-09 11:59 - 2006-11-02 07:46 - 00782972 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 11:57 - 2010-09-04 19:50 - 00761544 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-09 11:40 - 2012-05-03 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-08 06:26 - 2009-10-20 22:44 - 00000000 ____D () C:\Users\Hairball\AppData\Roaming\Mozilla
2014-02-06 09:42 - 2009-10-22 22:42 - 00000000 ____D () C:\Users\Hairball\AppData\Roaming\BitTorrent
2014-02-05 23:06 - 2014-02-05 23:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-05 21:05 - 2009-10-20 23:42 - 00131072 _____ () C:\Users\Hairball\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-05 21:05 - 2006-11-02 07:34 - 00000260 _____ () C:\Windows\win.ini
2014-02-04 15:28 - 2012-04-02 09:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 15:28 - 2012-04-02 09:23 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 15:28 - 2011-05-27 21:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 15:06 - 2009-10-23 10:44 - 00000000 ____D () C:\Users\Hairball\AppData\Local\Adobe
2014-02-03 21:27 - 2010-02-08 11:31 - 00002095 _____ () C:\Users\Hairball\Desktop\Google Chrome.lnk
2014-02-01 15:59 - 2009-10-23 03:03 - 00000000 ____D () C:\Users\Hairball\Documents\Recording
2014-02-01 15:53 - 2010-05-03 21:22 - 00000000 ____D () C:\Windows\Minidump
2014-02-01 15:42 - 2010-01-08 10:39 - 00000000 ____D () C:\Program Files (x86)\MUSICMATCH
2014-02-01 15:42 - 2009-04-02 03:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 15:41 - 2013-01-14 19:03 - 00000000 ____D () C:\Program Files (x86)\SYSTAT 12
2014-02-01 15:41 - 2010-01-11 11:38 - 00000000 ____D () C:\Program Files (x86)\Crayon Physics Deluxe
2014-02-01 15:38 - 2013-03-20 12:55 - 00000000 ____D () C:\Program Files (x86)\GIMP-2.0
2014-02-01 15:38 - 2012-02-17 13:38 - 00000000 ____D () C:\Program Files (x86)\Europa Universalis
2014-02-01 14:40 - 2011-07-17 22:43 - 00000000 ____D () C:\Users\Hairball\AppData\Roaming\Spotify
2014-02-01 11:23 - 2014-02-01 11:23 - 00645729 _____ (WDS Team) C:\Users\Hairball\Downloads\windirstat1_1_2_setup.exe
2014-02-01 11:23 - 2014-02-01 11:23 - 00000000 ____D () C:\Users\Hairball\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-02-01 11:23 - 2014-02-01 11:23 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-02-01 10:33 - 2011-07-17 22:43 - 00000000 ____D () C:\Program Files (x86)\Spotify
2014-01-30 08:30 - 2014-01-30 08:30 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-01-28 10:39 - 2011-07-17 22:43 - 00000000 ____D () C:\Users\Hairball\AppData\Local\Spotify
2014-01-27 08:23 - 2009-10-21 01:01 - 00120723 _____ () C:\Users\Hairball\Documents\Reading List.html
2014-01-23 16:18 - 2014-01-23 16:16 - 54900736 _____ () C:\Users\Hairball\Downloads\FOF7Install.msi
2014-01-22 14:55 - 2009-12-05 21:09 - 00000000 ____D () C:\Users\Hairball\Documents\Schoolhouse
2014-01-22 08:10 - 2011-12-26 21:21 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-01-22 08:08 - 2011-12-26 21:22 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-01-22 08:08 - 2011-12-26 21:22 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-01-22 08:08 - 2011-12-26 21:22 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-01-21 11:55 - 2009-10-21 08:35 - 00000000 ____D () C:\Users\Hairball\Documents\Football
2014-01-19 11:23 - 2006-11-02 10:27 - 00053820 _____ () C:\Windows\setupact.log
2014-01-19 02:33 - 2009-10-20 21:18 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 14:43 - 2014-01-13 21:15 - 00013320 _____ () C:\Users\Hairball\Documents\TTA Plans.ods
2014-01-15 03:06 - 2013-08-05 02:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-13 21:15 - 2009-10-27 10:31 - 00000000 ____D () C:\Program Files (x86)\Trillian

Some content of TEMP:
====================
C:\Users\Hairball\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-11 13:50

==================== End Of Log ============================

Addition.txt
