Multiple dllhost.exe and iexplore.exe running


I am experiencing a problem with multiple dllhost.exe / COM Surrogates running on my computer. They will start running as soon as my computer is turned on, if I have an active internet connection. Without the connection they seem to become inactive. They keep piling up until I run out of memory and the computer blue screens. I also have multiple iexplore.exe processes running in the background without opening windows.

I have run multiple Anti-virus/Spybot/Malware scans but cannot seem to get it off my computer.

At this point I don't know if it's a virus, a process or what.

Please help!

As you are helping, if you could give me a very basic rundown of what's going on with the computer as we step through the process, that would be appreciated as well.

Thanks.

 

Reports below

 

======================

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume3

Install Date: 12/10/2009 11:01:43 PM

System Uptime: 2/16/2014 3:11:09 PM (0 hours ago)

.

Motherboard: DELL Inc. |  | 0X501H

Processor: Intel® Core i7 CPU         920  @ 2.67GHz | CPU 1 | 2641/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 159.096 GiB free.

D: is FIXED (NTFS) - 1863 GiB total, 1478.643 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP720: 2/13/2014 3:00:12 AM - Windows Update

RP721: 2/15/2014 12:11:13 PM - Removed Apple Application Support

RP722: 2/15/2014 12:13:02 PM - Removed Apple Software Update

RP723: 2/15/2014 12:15:20 PM - Removed Digital Voice Editor 3

RP724: 2/15/2014 12:18:05 PM - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

RP725: 2/15/2014 6:40:29 PM - Malwarebytes Anti-Rootkit Restore Point

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

A Virus Named TOM

Acrobat.com

Adobe AIR

Adobe Download Assistant

Adobe Download Manager

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Reader XI (11.0.03)

Adobe Shockwave Player 11.5

Amazon Kindle

AMD Catalyst Install Manager

AMD Media Foundation Decoders

Amnesia: The Dark Descent

APC PowerChute Personal Edition

Braid

Brother HL-2170W

Catalyst Control Center InstallProxy

Cave Story+

CCleaner

Choice Guard

Closure

Cogs

Company of Heroes: Tales of Valor

Compatibility Pack for the 2007 Office system

Creative Audio Control Panel

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

Darksiders

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Dock

Dell Getting Started Guide

Dungeon Defenders

Faerie Solitaire

FTL: Faster Than Light

Google Chrome

Google Update Helper

Handbrake 6021 Nightly

ICatch (VI) PC Camera

Indie Game: The Movie

InstallIQ Updater

Intel® Rapid Storage Technology

Java 7 Update 6

Java 7 Update 6 (64-bit)

Java Auto Updater

Java 6 Update 13 (64-bit)

Java 6 Update 30

JDiskReport 1.4.0

Junk Mail filter update

Knoll Light Factory EZ Studio

Legend of Grimrock

LIMBO

Loadout

Lone Survivor

Magic Bullet Looks Studio

Malwarebytes Anti-Malware version 1.75.0.1300

Metro 2033

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Microsoft Works

Microsoft XML Parser

Microsoft XNA Framework Redistributable 4.0

Mortal Kombat Kollection

Mozilla Firefox (3.6.13)

MSVCRT

MSVCRT Redists

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 280.19

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.2.23.3

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Offspring Fling!

OpenAL

Opera 12.16

Pando Media Booster

Pinnacle Studio 14

Pinnacle Studio Ultimate Collection Plugins

PlanetSide 2

Platform

PowerDVD DX

Presto! ImageFolio 4.2

Presto! Mr. Photo

Presto! VideoWorks 4.5

Psychonauts

QuickTime

Realtek Ethernet Controller Driver

Red Faction: Armageddon

Red Giant ToonIt Studio

Red Orchestra 2: Heroes of Stalingrad

Red Orchestra 2: Heroes of Stalingrad Beta

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Safari

Saints Row: The Third

Scribblenauts Unlimited

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 

SES Driver

Shank 2

Simple CSS 2.1

Snapshot

Sound Blaster Audigy

Source Filmmaker

Speccy

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

Star Trek Online

Steam

Super Meat Boy

Superbrothers: Sword & Sworcery EP

SureThing Express Labeler

System Requirements Lab CYRI

Team Fortress 2

The Basement Collection

The Binding of Isaac

Titan Quest

Trapcode 3DStroke Studio

Trapcode Particular Studio

Trapcode Shine Studio

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

US800 Audio Driver

VC 9.0 Runtime

Vectorian Giotto 3.0.0

VIA Platform Device Manager

VLC media player 1.1.7

Warhammer 40,000: Dawn of War - Game of the Year Edition

Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

ZoneAlarm Firewall

ZoneAlarm Free

ZoneAlarm Security

ZoneAlarm Toolbar

.

==== Event Viewer Messages From Past Week ========

.

2/9/2014 4:14:40 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TrueVector Internet Monitor service to connect.

2/9/2014 4:14:40 PM, Error: Service Control Manager [7000]  - The TrueVector Internet Monitor service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

2/9/2014 10:45:41 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004

2/16/2014 3:21:40 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.4162.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

2/16/2014 3:13:55 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/16/2014 3:13:55 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.

2/16/2014 3:11:38 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  US800_AA

2/16/2014 2:56:30 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243

2/16/2014 2:30:08 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

2/16/2014 2:30:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/16/2014 2:30:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/16/2014 2:30:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/16/2014 2:30:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/16/2014 2:30:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/16/2014 2:29:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/16/2014 2:29:49 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx US800_AA Vsdatant Wanarpv6 WfpLwf

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

2/16/2014 2:29:47 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

2/16/2014 2:29:44 PM, Error: Service Control Manager [7001]  - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error:  The dependency service or group failed to start.

2/16/2014 2:28:26 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  A system shutdown is in progress.

2/16/2014 2:28:26 PM, Error: Service Control Manager [7023]  - The Security Center service terminated with the following error:  The authentication service is unknown.

2/16/2014 2:28:25 PM, Error: Service Control Manager [7023]  - The IPsec Policy Agent service terminated with the following error:  The authentication service is unknown.

2/15/2014 9:34:07 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

2/15/2014 9:34:07 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.

2/15/2014 12:17:58 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.165.4071.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10201.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

2/14/2014 10:59:10 AM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.

2/12/2014 4:25:00 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {B77C4C36-0154-4C52-AB49-FAA03837E47F}  and APPID  {EA022610-0748-4C24-B229-6C507EBDFDBB}  to the user ThePotential\Joe SID (S-1-5-21-1729422405-4287447111-2701632377-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/12/2014 2:26:51 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.

2/12/2014 2:06:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Works 9 (KB2754670).

2/12/2014 1:30:13 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

2/12/2014 1:23:06 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

.

==== End Of File ===========================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.6.2

Run by Joe at 15:44:42 on 2014-02-16

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.15351.12395 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\VIA_XHCI\usb3Monitor.exe

C:\Windows\System32\US800Pan.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\regsvr32.exe

C:\Windows\Twain_32\CA561A\SnapDetect.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Windows\SysWOW64\regsvr32.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Brownie\BrStsW64.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Joe\Desktop\ProcessExplorer\procexp.exe

C:\Users\Joe\AppData\Local\Temp\procexp64.exe

C:\Windows\syswow64\dllhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

uRun: [uSmedia] regsvr32.exe C:\Users\Joe\AppData\Local\USmedia\diskWeb.dll

uRun: [CTRegRun] C:\Windows\CTRegRun.EXE

mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ICATCH~1.LNK - C:\Windows\Twain_32\CA561A\SnapDetect.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{3DD211B6-BE5E-4485-B3F0-972C156B6B70} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe

x64-Run: [uS800Pane] US800Pan.exe

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

x64-RunOnce: [DSUpdateLauncher] "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.type - 2

FF - component: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_06.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - e62ebf470000000000006cfdb922e7a9

FF - user.js: extensions.BabylonToolbar_i.hardId - e62ebf470000000000006cfdb922e7a9

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15374

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:19:21

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486

FF - user.js: extensions.BabylonToolbar_i.babExt - 

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-25 55280]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/08/24 15:09:08];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-8-24 146928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-11 202752]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-24 13592]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-26 3921880]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-26 1042272]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-26 171416]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-13 648432]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-15 349800]

R3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2013-7-15 204800]

R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2013-7-15 256000]

S1 US800_AA;Service for US-800 Driver;C:\Windows\System32\drivers\US800Drv.sys [2012-8-19 90208]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-16 93712]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-7-15 79360]

S3 ICDUSB3;ICDUSB3;C:\Windows\System32\drivers\ICDUSB3.sys [2010-1-7 13312]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]

S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\System32\drivers\MRVW13C.sys [2007-5-3 244736]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]

S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

S3 US800_01;Service for US800 WDM;C:\Windows\System32\drivers\US800Wdm.sys [2012-8-19 36960]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-5 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2014-02-16 00:26:13 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-02-15 18:22:07 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78766EA0-F4F0-44A9-8E4A-F8D342965F5E}\mpengine.dll

2014-02-14 09:33:52 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-02-13 09:00:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-02-12 22:39:47 -------- d-----w- C:\Program Files (x86)\Handbrake

2014-02-12 09:58:01 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-02-12 08:44:35 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-02-12 08:26:51 -------- d-----w- C:\Windows\pss

2014-02-12 08:09:41 -------- d-----w- C:\Windows\Migration

2014-02-12 07:41:46 -------- d-sh--w- C:\found.000

2014-02-12 07:23:50 -------- d-----w- C:\Program Files\CCleaner

2014-02-10 04:37:51 -------- d-----w- C:\ProgramData\Package Cache

2014-02-10 04:37:09 -------- d-----w- C:\Program Files (x86)\Seagate

2014-02-01 08:07:23 -------- d-----w- C:\Users\Joe\AppData\Local\EdgeOfReality

2014-01-27 00:25:17 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes

2014-01-27 00:25:06 -------- d-----w- C:\ProgramData\Malwarebytes

2014-01-27 00:25:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-01-27 00:25:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-27 00:18:10 21040 ----a-w- C:\Windows\System32\sdnclean64.exe

2014-01-27 00:18:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2014-01-27 00:17:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-01-27 00:17:22 -------- d-----w- C:\Users\Joe\AppData\Local\Programs

2014-01-24 19:17:17 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E2D613B-D405-4DBE-BEFC-7B80E8B1E348}\gapaengine.dll

.

==================== Find3M  ====================

.

2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-02-05 18:27:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-05 18:27:18 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe

2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll

2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll

2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll

2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll

2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll

2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe

2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe

2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe

2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll

2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll

2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll

2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll

2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe

2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe

2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe

2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys

2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys

2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2010-03-31 17:36:24 81920 ----a-w- C:\Program Files\devcon_amd64.exe

.

============= FINISH: 15:45:11.51 ===============

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------


Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------


Ok, ran both. I have not yet hit clean on either.

MBar Report

======================

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2013.10.02.12
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Joe :: THEPOTENTIAL [administrator]
 
2/15/2014 6:26:18 PM
mbar-log-2014-02-15 (18-26-18).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 261756
Time elapsed: 13 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume3\Users\Joe\AppData\Local\Temp\squnfnj\slcibrq\wow.dll) Good: (SHELL32.dll) -> Replace on reboot.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
ADW Report
=================================================================================
# AdwCleaner v3.018 - Report created 16/02/2014 at 20:44:37
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joe - THEPOTENTIAL
# Running from : C:\Users\Joe\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\searchplugins\Askcom.xml
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\user.js
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Premium
Folder Found C:\Users\Joe\AppData\Local\Babylon
Folder Found C:\Users\Joe\AppData\Local\PackageAware
Folder Found C:\Users\Joe\AppData\LocalLow\Conduit
Folder Found C:\Users\Joe\AppData\Roaming\Babylon
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Headlight
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v3.6.13 (en-US)
 
[ File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\prefs.js ]
 
Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Line Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Found : user_pref("extensions.BabylonToolbar.admin", false);
Line Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100486");
Line Found : user_pref("extensions.BabylonToolbar.bbDpng", 4);
Line Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Line Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Found : user_pref("extensions.BabylonToolbar.id", "e62ebf470000000000006cfdb922e7a9");
Line Found : user_pref("extensions.BabylonToolbar.instlDay", "15374");
Line Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar.lastDP", 4);
Line Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:19:21");
Line Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Line Found : user_pref("extensions.BabylonToolbar.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar.propectorlck", 74735405);
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1719:19:21");
Line Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "e62ebf470000000000006cfdb922e7a9");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "e62ebf470000000000006cfdb922e7a9");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15374");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:19:21");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [9303 octets] - [16/02/2014 20:44:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9363 octets] ##########
 
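The one MBAR hit above (Hijack.SHELL32) is a per-user COM registration: under HKCU\Software\Classes\CLSID the InprocServer32 value for a SHELL32 class points at a wow.dll in the user's Temp folder, written in the \\?\globalroot\Device\HarddiskVolume3\... form rather than with a drive letter. Because HKCU\Software\Classes takes precedence over the HKLM registration of the same CLSID for that user, any COM client that instantiates the class, dllhost.exe (COM Surrogate) included, loads that DLL instead of the genuine server. As an added example that is not part of the thread or of any tool it mentions, this PowerShell audit lists HKCU CLSID InprocServer32 entries that live in user-writable directories, use the device-path form, or shadow a machine-wide registration; the function name and heuristics are the example's own, and mapping HarddiskVolumeN onto the system drive is an assumption made for the path check.

```powershell
# Added example, not from this thread or from Malwarebytes: audit per-user
# COM server registrations. HKCU\Software\Classes\CLSID overrides the HKLM
# registration of the same CLSID for that user, so a DLL path written there
# (like the wow.dll under %TEMP% flagged by MBAR) is loaded in place of the
# genuine server. Function name and heuristics are this example's own.

function Get-SuspiciousUserComServers {
    param(
        [string]$UserClsidRoot    = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID',
        [string]$MachineClsidRoot = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID'
    )

    # Directories a legitimate in-process COM server is normally installed under.
    $trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:CommonProgramFiles) |
        Where-Object { $_ } |
        ForEach-Object { $_.TrimEnd('\') + '\' }

    Get-ChildItem -Path $UserClsidRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid     = $_.PSChildName
        $serverKey = "Registry::$($_.Name)\InprocServer32"
        if (-not (Test-Path -Path $serverKey)) { return }

        $raw = (Get-ItemProperty -Path $serverKey -ErrorAction SilentlyContinue).'(default)'
        if ([string]::IsNullOrWhiteSpace($raw)) { return }

        # Normalise the value the way the loader resolves it: expand %VARS%, drop
        # quotes, and map the \\?\globalroot\Device\HarddiskVolumeN\ form (which
        # hides the drive letter from naive path checks) onto the system drive.
        # Assumption: the referenced volume is the system drive; the device-path
        # form is flagged on its own in any case.
        $expanded   = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
        $devicePath = $expanded -match '^\\\\\?\\globalroot\\Device\\'
        $normalised = $expanded -replace '^\\\\\?\\globalroot\\Device\\HarddiskVolume\d+\\', "$env:SystemDrive\"

        $underTrustedRoot = $false
        foreach ($root in $trustedRoots) {
            if ($normalised.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $underTrustedRoot = $true; break }
        }
        $userWritable = $normalised -match '\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\'

        # The machine-wide registration this per-user key shadows, if there is one.
        $machineServer = $null
        $machineKey    = "$MachineClsidRoot\$clsid\InprocServer32"
        if (Test-Path -Path $machineKey) {
            $machineServer = (Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue).'(default)'
        }

        $reasons = @()
        if ($devicePath)            { $reasons += 'device-path form hides the drive letter' }
        if ($userWritable)          { $reasons += 'server DLL lives in a user-writable directory' }
        if (-not $underTrustedRoot) { $reasons += 'server DLL is outside Windows / Program Files' }
        if ($machineServer -and ($machineServer -ne $raw)) { $reasons += "shadows HKLM server $machineServer" }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                CLSID         = $clsid
                UserServer    = $raw
                MachineServer = $machineServer
                Reasons       = ($reasons -join '; ')
            }
        }
    }
}

# Review the output before changing anything: a per-user entry that shadows a
# system CLSID (as the MBAR line shows for SHELL32) is the one to act on.
Get-SuspiciousUserComServers | Format-List
```

Legitimate per-user COM registrations exist (per-user installs of Office add-ins, for example), so the list is a review queue rather than a verdict; the MBAR "Replace on reboot" action restores the value to the genuine SHELL32.dll server.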

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

While trying to download ComboFix, I accidentally downloaded something else (Ad - Fake Download Button).

I don't think I installed it but I'm not positive.  I cancelled it as it started to load. I then deleted (sent to recycle bin) the fake download setup.  Sorry.

Combo Fix Log

ComboFix 14-02-16.01 - Joe 02/17/2014  16:22:13.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.15351.10708 [GMT -6:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\1024634.exe
c:\users\Joe\AppData\Local\._Revolution_
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-17 to 2014-02-17  )))))))))))))))))))))))))))))))
.
.
2014-02-17 22:32 . 2014-02-17 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-17 22:32 . 2014-02-17 22:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-17 02:44 . 2014-02-17 02:45 -------- d-----w- C:\AdwCleaner
2014-02-16 00:26 . 2014-02-17 01:05 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-15 18:22 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78766EA0-F4F0-44A9-8E4A-F8D342965F5E}\mpengine.dll
2014-02-14 09:33 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-13 09:00 . 2014-02-06 11:06 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-12 22:39 . 2014-02-12 22:39 -------- d-----w- c:\program files (x86)\Handbrake
2014-02-12 09:58 . 2014-02-17 01:08 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-12 08:44 . 2014-02-17 01:04 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-12 08:09 . 2014-02-12 08:09 -------- d-----w- c:\windows\Migration
2014-02-12 07:41 . 2014-02-12 07:41 -------- d-----w- C:\found.000
2014-02-12 07:23 . 2014-02-12 07:23 -------- d-----w- c:\program files\CCleaner
2014-02-10 04:37 . 2014-02-10 04:37 -------- d-----w- c:\programdata\Package Cache
2014-02-10 04:37 . 2014-02-10 04:37 -------- d-----w- c:\program files (x86)\Seagate
2014-02-01 08:07 . 2014-02-01 08:07 -------- d-----w- c:\users\Joe\AppData\Local\EdgeOfReality
2014-01-27 00:25 . 2014-01-27 00:25 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2014-01-27 00:25 . 2014-01-27 00:25 -------- d-----w- c:\programdata\Malwarebytes
2014-01-27 00:25 . 2014-02-12 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-27 00:25 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-27 00:18 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-01-27 00:18 . 2014-02-17 22:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-01-27 00:17 . 2014-01-27 00:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-27 00:17 . 2014-01-27 00:17 -------- d-----w- c:\users\Joe\AppData\Local\Programs
2014-01-24 19:17 . 2013-10-18 03:56 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E2D613B-D405-4DBE-BEFC-7B80E8B1E348}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-17 09:00 . 2010-01-12 22:23 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-16 20:46 . 2010-01-29 19:22 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-02-16 20:46 . 2010-08-24 20:04 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-02-16 20:45 . 2010-08-24 20:03 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-02-10 21:18 . 2010-01-08 04:25 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-02-10 21:18 . 2010-01-08 04:25 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-02-10 21:17 . 2011-04-13 12:52 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-02-05 18:27 . 2012-04-02 19:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 18:27 . 2011-05-19 19:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-19 07:33 . 2010-01-08 04:07 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 09:01 . 2013-12-10 09:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 09:01 . 2013-12-10 09:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 09:01 . 2013-12-10 09:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 09:01 . 2013-12-10 09:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 09:01 . 2013-12-10 09:01 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 09:01 . 2013-12-10 09:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 09:01 . 2013-12-10 09:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 09:01 . 2013-12-10 09:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 09:01 . 2013-12-10 09:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 09:01 . 2013-12-10 09:01 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 09:01 . 2013-12-10 09:01 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 09:01 . 2013-12-10 09:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 09:01 . 2013-12-10 09:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 09:01 . 2013-12-10 09:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 09:01 . 2013-12-10 09:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 09:01 . 2013-12-10 09:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 09:01 . 2013-12-10 09:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 09:01 . 2013-12-10 09:01 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 09:01 . 2013-12-10 09:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 09:01 . 2013-12-10 09:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 09:01 . 2013-12-10 09:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 09:01 . 2013-12-10 09:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 09:01 . 2013-12-10 09:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 09:01 . 2013-12-10 09:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 09:01 . 2013-12-10 09:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 09:01 . 2013-12-10 09:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 09:01 . 2013-12-10 09:01 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 09:01 . 2013-12-10 09:01 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 09:01 . 2013-12-10 09:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 09:01 . 2013-12-10 09:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 09:01 . 2013-12-10 09:01 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 09:01 . 2013-12-10 09:01 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 09:01 . 2013-12-10 09:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 09:01 . 2013-12-10 09:01 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 09:01 . 2013-12-10 09:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 09:01 . 2013-12-10 09:01 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 09:01 . 2013-12-10 09:01 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 09:01 . 2013-12-10 09:01 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 09:01 . 2013-12-10 09:01 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 09:01 . 2013-12-10 09:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 09:01 . 2013-12-10 09:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 09:01 . 2013-12-10 09:01 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 09:01 . 2013-12-10 09:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 09:01 . 2013-12-10 09:01 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 09:01 . 2013-12-10 09:01 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 09:01 . 2013-12-10 09:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 09:01 . 2013-12-10 09:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 09:01 . 2013-12-10 09:01 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-10 09:01 . 2013-12-10 09:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 09:01 . 2013-12-10 09:01 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 09:01 . 2013-12-10 09:01 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 09:01 . 2013-12-10 09:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-27 01:41 . 2014-01-15 17:43 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 17:43 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 17:43 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 17:43 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 17:43 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 17:43 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 17:43 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 17:43 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 17:43 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 19:29 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:29 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2010-03-31 17:36 . 2010-03-31 17:36 81920 ----a-w- c:\program files\devcon_amd64.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USmedia"="c:\users\Joe\AppData\Local\USmedia\diskWeb.dll" [2014-01-03 26624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-07-18 421888]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-09-15 140520]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-01-08 963072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-28 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-07-16 165104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-8-25 267520]
Icatch(VI) SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2010-3-24 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 lhpikhsv;lhpikhsv;c:\windows\system32\drivers\lhpikhsv.sys;c:\windows\SYSNATIVE\drivers\lhpikhsv.sys [x]
R1 US800_AA;Service for US-800 Driver;c:\windows\system32\DRIVERS\US800Drv.sys;c:\windows\SYSNATIVE\DRIVERS\US800Drv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys;c:\windows\SYSNATIVE\Drivers\ICDUSB3.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 US800_01;Service for US800 WDM;c:\windows\system32\DRIVERS\US800Wdm.sys;c:\windows\SYSNATIVE\DRIVERS\US800Wdm.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/08/24 15:09];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl;c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMCHAMELEON
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 03:44 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:27]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 02:37]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 02:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"US800Pane"="US800Pan.exe" [2010-07-13 1796192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 2
FF - user.js: extensions.BabylonToolbar_i.id - e62ebf470000000000006cfdb922e7a9
FF - user.js: extensions.BabylonToolbar_i.hardId - e62ebf470000000000006cfdb922e7a9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15374
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-CTRegRun - c:\windows\CTRegRun.EXE
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ISW - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Knoll Light Factory EZ Studio - c:\windows\unvise32.exe
AddRemove-Magic Bullet Looks Studio - c:\windows\unvise32.exe
AddRemove-Red Giant ToonIt Studio - c:\windows\unvise32.exe
AddRemove-Star Trek Online - c:\users\Joe\Desktop\Games\Cryptic Studios\Uninstall Star Trek Online.exe
AddRemove-Trapcode 3DStroke Studio - c:\windows\unvise32.exe
AddRemove-Trapcode Particular Studio - c:\windows\unvise32.exe
AddRemove-Trapcode Shine Studio - c:\windows\unvise32.exe
AddRemove-US800 Audio Driver Setup - c:\program files (x86)\TASCAM\US800\uninst.exe Software\TASCAM\US800\Setup
AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files (x86)\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-17  16:35:00
ComboFix-quarantined-files.txt  2014-02-17 22:35
.
Pre-Run: 166,530,494,464 bytes free
Post-Run: 166,369,710,080 bytes free
.
- - End Of File - - 46569F13971067B81623557A89AE6A21

Hi,
 
I am sure you are fine.   :)
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Post the new log and let me know how your system is running now.   :)


I ran ADW and cleaned. So far I am not having any problems.

 

# AdwCleaner v3.018 - Report created 18/02/2014 at 09:11:55
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joe - THEPOTENTIAL
# Running from : C:\Users\Joe\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Joe\AppData\Local\Babylon
Folder Deleted : C:\Users\Joe\AppData\Local\PackageAware
Folder Deleted : C:\Users\Joe\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joe\AppData\Roaming\Babylon
File Deleted : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v3.6.13 (en-US)
 
[ File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\prefs.js ]
 
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100486");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 4);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "e62ebf470000000000006cfdb922e7a9");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15374");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 4);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:19:21");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 74735405);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1719:19:21");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "e62ebf470000000000006cfdb922e7a9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "e62ebf470000000000006cfdb922e7a9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15374");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:19:21");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [9483 octets] - [16/02/2014 20:44:37]
AdwCleaner[R1].txt - [9176 octets] - [18/02/2014 09:07:43]
AdwCleaner[s0].txt - [8872 octets] - [18/02/2014 09:11:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8932 octets] ##########

When I run ComboFix, it gets to the "Completed 4" stage and then freezes. I have run it several times, and I have let it run for several hours, but it won't move past that point. All of my anti-virus programs have been turned off. Also, I do have a few iexplorer programs still running in the background, but I have not had a dllhost issue.


Ok, I was able to get it to run. However, in safe mode it told me that Microsoft SE & Spybot were on, when I know that they were not.

 

ComboFix 14-02-18.01 - Joe 02/19/2014  13:25:09.5.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.15351.13274 [GMT -6:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\searchplugins\bing-zugo.xml
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-19 to 2014-02-19  )))))))))))))))))))))))))))))))
.
.
2014-02-19 20:06 . 2014-02-19 20:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-19 20:06 . 2014-02-19 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-19 15:28 . 2014-02-19 19:21 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84B982B8-8910-4335-A3B0-9A35B6A30D17}\offreg.dll
2014-02-19 15:27 . 2013-10-18 03:56 965000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{006D1476-D394-4EBA-BE26-C3D45F1CAEA0}\gapaengine.dll
2014-02-19 15:27 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84B982B8-8910-4335-A3B0-9A35B6A30D17}\mpengine.dll
2014-02-19 03:32 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-17 02:44 . 2014-02-18 15:11 -------- d-----w- C:\AdwCleaner
2014-02-16 00:26 . 2014-02-17 01:05 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-13 09:00 . 2014-02-06 11:06 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-12 22:39 . 2014-02-12 22:39 -------- d-----w- c:\program files (x86)\Handbrake
2014-02-12 09:58 . 2014-02-18 15:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-12 08:44 . 2014-02-17 01:04 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-12 08:09 . 2014-02-12 08:09 -------- d-----w- c:\windows\Migration
2014-02-12 07:41 . 2014-02-12 07:41 -------- d-----w- C:\found.000
2014-02-12 07:23 . 2014-02-12 07:23 -------- d-----w- c:\program files\CCleaner
2014-02-10 04:37 . 2014-02-10 04:37 -------- d-----w- c:\programdata\Package Cache
2014-02-10 04:37 . 2014-02-10 04:37 -------- d-----w- c:\program files (x86)\Seagate
2014-02-01 08:07 . 2014-02-01 08:07 -------- d-----w- c:\users\Joe\AppData\Local\EdgeOfReality
2014-01-27 00:25 . 2014-01-27 00:25 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2014-01-27 00:25 . 2014-01-27 00:25 -------- d-----w- c:\programdata\Malwarebytes
2014-01-27 00:25 . 2014-02-12 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-27 00:25 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-27 00:18 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-01-27 00:18 . 2014-02-17 22:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-01-27 00:17 . 2014-01-27 00:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-27 00:17 . 2014-01-27 00:17 -------- d-----w- c:\users\Joe\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-18 15:38 . 2010-01-08 04:25 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-02-18 15:38 . 2010-01-08 04:25 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-02-18 15:38 . 2011-04-13 12:52 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-02-18 15:37 . 2010-01-08 04:25 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-17 09:00 . 2010-01-12 22:23 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-16 20:46 . 2010-01-29 19:22 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-02-16 20:46 . 2010-08-24 20:04 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-02-16 20:45 . 2010-08-24 20:03 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-02-05 18:27 . 2012-04-02 19:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 18:27 . 2011-05-19 19:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-19 07:33 . 2010-01-08 04:07 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 09:01 . 2013-12-10 09:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 09:01 . 2013-12-10 09:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 09:01 . 2013-12-10 09:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 09:01 . 2013-12-10 09:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 09:01 . 2013-12-10 09:01 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 09:01 . 2013-12-10 09:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 09:01 . 2013-12-10 09:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 09:01 . 2013-12-10 09:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 09:01 . 2013-12-10 09:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 09:01 . 2013-12-10 09:01 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 09:01 . 2013-12-10 09:01 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 09:01 . 2013-12-10 09:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 09:01 . 2013-12-10 09:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 09:01 . 2013-12-10 09:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 09:01 . 2013-12-10 09:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 09:01 . 2013-12-10 09:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 09:01 . 2013-12-10 09:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 09:01 . 2013-12-10 09:01 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 09:01 . 2013-12-10 09:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 09:01 . 2013-12-10 09:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 09:01 . 2013-12-10 09:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 09:01 . 2013-12-10 09:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 09:01 . 2013-12-10 09:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 09:01 . 2013-12-10 09:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 09:01 . 2013-12-10 09:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 09:01 . 2013-12-10 09:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 09:01 . 2013-12-10 09:01 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 09:01 . 2013-12-10 09:01 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 09:01 . 2013-12-10 09:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 09:01 . 2013-12-10 09:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 09:01 . 2013-12-10 09:01 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 09:01 . 2013-12-10 09:01 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 09:01 . 2013-12-10 09:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 09:01 . 2013-12-10 09:01 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 09:01 . 2013-12-10 09:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 09:01 . 2013-12-10 09:01 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 09:01 . 2013-12-10 09:01 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 09:01 . 2013-12-10 09:01 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 09:01 . 2013-12-10 09:01 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 09:01 . 2013-12-10 09:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 09:01 . 2013-12-10 09:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 09:01 . 2013-12-10 09:01 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 09:01 . 2013-12-10 09:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 09:01 . 2013-12-10 09:01 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 09:01 . 2013-12-10 09:01 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 09:01 . 2013-12-10 09:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 09:01 . 2013-12-10 09:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 09:01 . 2013-12-10 09:01 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-10 09:01 . 2013-12-10 09:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 09:01 . 2013-12-10 09:01 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 09:01 . 2013-12-10 09:01 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 09:01 . 2013-12-10 09:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-27 01:41 . 2014-01-15 17:43 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 17:43 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 17:43 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 17:43 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 17:43 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 17:43 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 17:43 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 17:43 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 17:43 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 19:29 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:29 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2010-03-31 17:36 . 2010-03-31 17:36 81920 ----a-w- c:\program files\devcon_amd64.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USmedia"="c:\users\Joe\AppData\Local\USmedia\diskWeb.dll" [2014-01-03 26624]
"GameServer528"="c:\users\Joe\AppData\Roaming\GetRightToGo\WIN12CC.exe" [2014-02-19 154624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-07-18 421888]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-09-15 140520]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-01-08 963072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-28 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-07-16 165104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-8-25 267520]
Icatch(VI) SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2010-3-24 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 lhpikhsv;lhpikhsv;c:\windows\system32\drivers\lhpikhsv.sys;c:\windows\SYSNATIVE\drivers\lhpikhsv.sys [x]
R1 US800_AA;Service for US-800 Driver;c:\windows\system32\DRIVERS\US800Drv.sys;c:\windows\SYSNATIVE\DRIVERS\US800Drv.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys;c:\windows\SYSNATIVE\Drivers\ICDUSB3.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 US800_01;Service for US800 WDM;c:\windows\system32\DRIVERS\US800Wdm.sys;c:\windows\SYSNATIVE\DRIVERS\US800Wdm.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 03:44 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:27]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 02:37]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 02:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"US800Pane"="US800Pan.exe" [2010-07-13 1796192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:21320
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Knoll Light Factory EZ Studio - c:\windows\unvise32.exe
AddRemove-Magic Bullet Looks Studio - c:\windows\unvise32.exe
AddRemove-Red Giant ToonIt Studio - c:\windows\unvise32.exe
AddRemove-Star Trek Online - c:\users\Joe\Desktop\Games\Cryptic Studios\Uninstall Star Trek Online.exe
AddRemove-Trapcode 3DStroke Studio - c:\windows\unvise32.exe
AddRemove-Trapcode Particular Studio - c:\windows\unvise32.exe
AddRemove-Trapcode Shine Studio - c:\windows\unvise32.exe
AddRemove-US800 Audio Driver Setup - c:\program files (x86)\TASCAM\US800\uninst.exe Software\TASCAM\US800\Setup
AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files (x86)\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-19  14:08:24
ComboFix-quarantined-files.txt  2014-02-19 20:08
ComboFix2.txt  2014-02-17 22:35
.
Pre-Run: 156,192,571,392 bytes free
Post-Run: 158,168,207,360 bytes free
.
- - End Of File - - AB162B66A577CA15D3D1082EBAFCE0BF

Sorry for any delay... work, school exams and family have been hectic. :)
 
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\windows\SYSNATIVE\drivers\lhpikhsv.sys
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------


Thanks for that.   :)
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    uInternet Settings,ProxyServer = localhost:21320

    File::
    c:\windows\SYSNATIVE\drivers\lhpikhsv.sys
     
    Folder::
    c:\users\Joe\AppData\Roaming\GetRightToGo
     
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GameServer528"=- 

    Driver::
    lhpikhsv
     

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

 

Post the new ComboFix log and let me know how your system is running now.  :)

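The items the CFScript above removes (the GetRightToGo autostart value, the lhpikhsv driver, the localhost proxy) were picked out of the earlier ComboFix log by hand. As an added example that is not part of this thread or of ComboFix itself, the Python below pulls two of those patterns out of log text mechanically: Run/RunOnce values that launch from a per-user profile directory, and an Internet Settings ProxyServer that points back at the local machine. The sample log lines are constructed in the shape ComboFix prints them; the flags are triage prompts for a human (the same role the VirusTotal check played above), not verdicts.

```python
import re

# Constructed sample in ComboFix's "Reg Loading Points" / "Supplementary Scan" format.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USmedia"="c:\users\Joe\AppData\Local\USmedia\diskWeb.dll" [2014-01-03 26624]
"GameServer528"="c:\users\Joe\AppData\Roaming\GetRightToGo\WIN12CC.exe" [2014-02-19 154624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
.
uInternet Settings,ProxyServer = localhost:21320
"""

# A registry key line for a Run or RunOnce key, e.g. [HKEY_...\CurrentVersion\Run]
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\CurrentVersion\\Run(?:Once)?)\]$", re.IGNORECASE)
# A value line: "Name"="target" [date size]   (the trailing bracket is optional)
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(.*)\])?$')
# ComboFix prefixes per-user (u) and per-machine (m) Internet Settings lines.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)$", re.IGNORECASE)

# Directories a standard user can write to without elevation; an autostart
# that lives here deserves a look, though per-user installers use them too.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\temp\\")


def parse_run_entries(log_text):
    """Return (key, value_name, target) for every value under a Run/RunOnce key."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            current_key = m.group(1) if m else None  # any other key ends the block
            continue
        if line in ("", "."):  # ComboFix separates blocks with a lone '.'
            current_key = None
            continue
        if current_key:
            v = VALUE_RE.match(line)
            if v:
                entries.append((current_key, v.group(1), v.group(2)))
    return entries


def is_user_writable(path):
    """True when the launch target sits in a user-writable location."""
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def proxy_hosts(value):
    """Split a ProxyServer value into host names.

    Handles both the plain 'host:port' form and the per-protocol
    'http=host:port;https=host:port' form.
    """
    hosts = []
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1]
        hosts.append(hostport.rsplit(":", 1)[0].strip().lower())
    return hosts


def find_proxy_settings(log_text):
    """Return every ProxyServer value the log reports."""
    return [m.group(1) for m in (PROXY_RE.match(l.strip()) for l in log_text.splitlines()) if m]


def triage(log_text):
    """Return (finding_kind, name, detail) tuples worth a closer look."""
    findings = []
    for _key, name, target in parse_run_entries(log_text):
        if is_user_writable(target):
            findings.append(("autostart-from-profile", name, target))
    for value in find_proxy_settings(log_text):
        if any(h == "localhost" or h.startswith("127.") for h in proxy_hosts(value)):
            # Browser traffic routed through a listener on the same machine:
            # worth identifying which process owns that port.
            findings.append(("local-proxy", "ProxyServer", value))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {name:14} {detail}")
```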

Got it to run and post.  So far everything is looking quite good. I notice it seems like less runs on start-up. 

 

ComboFix 14-02-23.01 - Joe 02/23/2014  22:58:11.7.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.15351.12732 [GMT -6:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
FILE ::
"c:\windows\system32\drivers\lhpikhsv.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\AppData\Roaming\GetRightToGo
c:\users\Joe\AppData\Roaming\GetRightToGo\Download_DriverDetective-6.3.1.2.data
c:\users\Joe\AppData\Roaming\GetRightToGo\Studio_Ult_Col_14_Upg_en.data
c:\users\Joe\AppData\Roaming\GetRightToGo\Studio_Ult_Col_14_Upg_en.data0
c:\users\Joe\AppData\Roaming\GetRightToGo\WIN12CC.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_lhpikhsv
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-24 to 2014-02-24  )))))))))))))))))))))))))))))))
.
.
2014-02-24 06:27 . 2014-02-24 06:27 17858952 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-02-24 05:29 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28053D57-ABE9-4F74-85E2-1B3B1B5F0B57}\mpengine.dll
2014-02-24 05:14 . 2014-02-24 05:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-24 05:14 . 2014-02-24 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-19 15:27 . 2013-10-18 03:56 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{006D1476-D394-4EBA-BE26-C3D45F1CAEA0}\gapaengine.dll
2014-02-19 15:27 . 2014-02-06 09:01 10536864 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-17 02:44 . 2014-02-18 15:11 -------- d-----w- C:\AdwCleaner
2014-02-16 00:26 . 2014-02-17 01:05 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-13 09:00 . 2014-02-06 11:06 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-12 22:39 . 2014-02-12 22:39 -------- d-----w- c:\program files (x86)\Handbrake
2014-02-12 09:58 . 2014-02-18 15:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-12 08:44 . 2014-02-17 01:04 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-12 08:09 . 2014-02-12 08:09 -------- d-----w- c:\windows\Migration
2014-02-12 07:41 . 2014-02-12 07:41 -------- d-----w- C:\found.000
2014-02-12 07:23 . 2014-02-12 07:23 -------- d-----w- c:\program files\CCleaner
2014-02-10 04:37 . 2014-02-10 04:37 -------- d-----w- c:\programdata\Package Cache
2014-02-10 04:37 . 2014-02-10 04:37 -------- d-----w- c:\program files (x86)\Seagate
2014-02-01 08:07 . 2014-02-01 08:07 -------- d-----w- c:\users\Joe\AppData\Local\EdgeOfReality
2014-01-27 00:25 . 2014-01-27 00:25 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes
2014-01-27 00:25 . 2014-01-27 00:25 -------- d-----w- c:\programdata\Malwarebytes
2014-01-27 00:25 . 2014-02-12 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-27 00:25 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-27 00:18 . 2013-09-20 16:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-01-27 00:18 . 2014-02-17 22:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-01-27 00:17 . 2014-01-27 00:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-27 00:17 . 2014-01-27 00:17 -------- d-----w- c:\users\Joe\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-24 06:27 . 2012-04-02 19:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-24 06:27 . 2011-05-19 19:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-18 15:38 . 2010-01-08 04:25 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-02-18 15:38 . 2010-01-08 04:25 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-02-18 15:38 . 2011-04-13 12:52 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-02-18 15:37 . 2010-01-08 04:25 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-17 09:00 . 2010-01-12 22:23 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-16 20:46 . 2010-01-29 19:22 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-02-16 20:46 . 2010-08-24 20:04 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-02-16 20:45 . 2010-08-24 20:03 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-01-19 07:33 . 2010-01-08 04:07 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 09:01 . 2013-12-10 09:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 09:01 . 2013-12-10 09:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 09:01 . 2013-12-10 09:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 09:01 . 2013-12-10 09:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 09:01 . 2013-12-10 09:01 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 09:01 . 2013-12-10 09:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 09:01 . 2013-12-10 09:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 09:01 . 2013-12-10 09:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 09:01 . 2013-12-10 09:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 09:01 . 2013-12-10 09:01 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 09:01 . 2013-12-10 09:01 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 09:01 . 2013-12-10 09:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 09:01 . 2013-12-10 09:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 09:01 . 2013-12-10 09:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 09:01 . 2013-12-10 09:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 09:01 . 2013-12-10 09:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 09:01 . 2013-12-10 09:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 09:01 . 2013-12-10 09:01 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 09:01 . 2013-12-10 09:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 09:01 . 2013-12-10 09:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 09:01 . 2013-12-10 09:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 09:01 . 2013-12-10 09:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 09:01 . 2013-12-10 09:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 09:01 . 2013-12-10 09:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 09:01 . 2013-12-10 09:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 09:01 . 2013-12-10 09:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 09:01 . 2013-12-10 09:01 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 09:01 . 2013-12-10 09:01 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 09:01 . 2013-12-10 09:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 09:01 . 2013-12-10 09:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 09:01 . 2013-12-10 09:01 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 09:01 . 2013-12-10 09:01 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 09:01 . 2013-12-10 09:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 09:01 . 2013-12-10 09:01 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 09:01 . 2013-12-10 09:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 09:01 . 2013-12-10 09:01 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 09:01 . 2013-12-10 09:01 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 09:01 . 2013-12-10 09:01 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 09:01 . 2013-12-10 09:01 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 09:01 . 2013-12-10 09:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 09:01 . 2013-12-10 09:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 09:01 . 2013-12-10 09:01 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 09:01 . 2013-12-10 09:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 09:01 . 2013-12-10 09:01 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 09:01 . 2013-12-10 09:01 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 09:01 . 2013-12-10 09:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 09:01 . 2013-12-10 09:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 09:01 . 2013-12-10 09:01 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-10 09:01 . 2013-12-10 09:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 09:01 . 2013-12-10 09:01 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 09:01 . 2013-12-10 09:01 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 09:01 . 2013-12-10 09:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-27 01:41 . 2014-01-15 17:43 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 17:43 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 17:43 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 17:43 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 17:43 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 17:43 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 17:43 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 17:43 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 17:43 3156480 ----a-w- c:\windows\system32\win32k.sys
2010-03-31 17:36 . 2010-03-31 17:36 81920 ----a-w- c:\program files\devcon_amd64.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USmedia"="c:\users\Joe\AppData\Local\USmedia\diskWeb.dll" [2014-01-03 26624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-07-18 421888]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-09-15 140520]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-01-08 963072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-28 560128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-8-25 267520]
Icatch(VI) SnapDetect.lnk - c:\windows\Twain_32\CA561A\SnapDetect.exe [2010-3-24 65536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 US800_AA;Service for US-800 Driver;c:\windows\system32\DRIVERS\US800Drv.sys;c:\windows\SYSNATIVE\DRIVERS\US800Drv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys;c:\windows\SYSNATIVE\Drivers\ICDUSB3.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 US800_01;Service for US800 WDM;c:\windows\system32\DRIVERS\US800Wdm.sys;c:\windows\SYSNATIVE\DRIVERS\US800Wdm.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/08/24 15:09];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl;c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-23 19:50 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:27]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 02:37]
.
2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 02:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"US800Pane"="US800Pan.exe" [2010-07-13 1796192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\is0zfuzo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Knoll Light Factory EZ Studio - c:\windows\unvise32.exe
AddRemove-Magic Bullet Looks Studio - c:\windows\unvise32.exe
AddRemove-Red Giant ToonIt Studio - c:\windows\unvise32.exe
AddRemove-Star Trek Online - c:\users\Joe\Desktop\Games\Cryptic Studios\Uninstall Star Trek Online.exe
AddRemove-Trapcode 3DStroke Studio - c:\windows\unvise32.exe
AddRemove-Trapcode Particular Studio - c:\windows\unvise32.exe
AddRemove-Trapcode Shine Studio - c:\windows\unvise32.exe
AddRemove-US800 Audio Driver Setup - c:\program files (x86)\TASCAM\US800\uninst.exe Software\TASCAM\US800\Setup
AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files (x86)\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
.
**************************************************************************
.
Completion time: 2014-02-24  01:37:50 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-24 07:37
ComboFix2.txt  2014-02-19 20:08
ComboFix3.txt  2014-02-17 22:35
.
Pre-Run: 166,292,099,072 bytes free
Post-Run: 165,170,089,984 bytes free
.
- - End Of File - - 8E8D0F0253A9A11D283BC273983E305C

Good...let's check for anything else hiding....
 
Java
 
Please go to Start > Control Panel > Programs and Features > uninstall all the Java programs you see. Now download the latest Java from the following link and install it:
 
http://java.com/en/download/index.jsp
----------
 
See this page for instructions on how to clear Java's cache.
 
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 

Malwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Alright, ran everything, so far everything is still looking pretty good.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Joe :: THEPOTENTIAL [administrator]

2/24/2014 1:45:37 PM
mbam-log-2014-02-24 (13-45-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279657
Time elapsed: 11 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET

C:\AdwCleaner\Quarantine\C\Users\Joe\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Joe\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Joe\AppData\Local\Babylon\Setup\Setup.exe.vir a variant of Win32/Toolbar.Babylon.H potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\CUninstaller.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\Install.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Qoobox\Quarantine\C\Users\Joe\1024634.exe.vir a variant of Win32/Kryptik.BVGU trojan
C:\Users\Joe\AppData\Local\USmedia\diskWeb.dll a variant of Win32/Sefnit.CW trojan
C:\Users\Joe\Desktop\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Joe\Desktop\Installs\Codec-V.exe Win32/InstallMate.A potentially unwanted application
C:\Users\Joe\Desktop\Installs\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Joe\Desktop\Installs\spsetup117.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Joe\Desktop\Installs\spsetup120.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Joe\Desktop\Installs\zaSetupWeb_101_065_000.exe Win32/Toolbar.Conduit potentially unwanted application


ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    C:\Program Files (x86)\CheckPoint\Install\CUninstaller.exe 
    C:\Program Files (x86)\CheckPoint\Install\Install.exe
    C:\Users\Joe\AppData\Local\USmedia\diskWeb.dll 
    C:\Users\Joe\Desktop\ccsetup410.exe 
    C:\Users\Joe\Desktop\Installs\Codec-V.exe 
    C:\Users\Joe\Desktop\Installs\CuteWriter.exe 
    C:\Users\Joe\Desktop\Installs\spsetup117.exe 
    C:\Users\Joe\Desktop\Installs\spsetup120.exe 
    C:\Users\Joe\Desktop\Installs\zaSetupWeb_101_065_000.exe

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new log and let me know what remaining malware problems you are having.   :)

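The helper's CFScript above is built by hand from the ESET findings, and the earlier ComboFix log shows why: the only Run-key entry pointing into the user's profile ("USmedia" in HKCU\...\Run, targeting a DLL under AppData\Local) is exactly the file ESET later names as Win32/Sefnit.CW. The script below is an added example, not part of the thread and not code from ComboFix, ESET or Malwarebytes. It parses the two log formats pasted in this thread, cross-references Run-key targets with ESET detections, and flags entries a responder would look at first. The sample lines are copied from the logs above; the rule set and every function and class name are this example's own, and the "user-writable location" rule is a triage heuristic rather than a verdict.

```python
"""Triage ComboFix 'Reg Loading Points' entries against ESET scan output.

Added example for this thread (not ComboFix/ESET/Malwarebytes code). Reads
ComboFix-style Run-key lines and ESET-style detection lines, then flags Run
entries that (a) resolve to a bare filename with no directory, (b) live in a
user-writable location, or (c) match a path ESET detected.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: Run-key lines copied from the ComboFix log in this thread.
COMBOFIX_RUN_LINES = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USmedia"="c:\users\Joe\AppData\Local\USmedia\diskWeb.dll" [2014-01-03 26624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
'''

# Constructed sample: two detection lines copied from the ESET log in this thread.
ESET_LINES = r'''
C:\Users\Joe\AppData\Local\USmedia\diskWeb.dll a variant of Win32/Sefnit.CW trojan
C:\Users\Joe\Desktop\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
'''

# [HKEY_...\Run] section header in the ComboFix log
RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "Name"="target" [yyyy-mm-dd size] value line under such a header
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# ESET: <path> [a variant of] <signature> <classification>
ESET_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?(?P<sig>\S+) '
    r'(?P<kind>trojan|potentially unwanted application|potentially unsafe application)$')
# Locations an unprivileged user can write to (heuristic, not exhaustive)
USER_WRITABLE_RE = re.compile(r'(\\users\\[^\\]+\\appdata\\|^c:\\programdata\\|\\temp\\)', re.I)


@dataclass
class RunEntry:
    key: str
    name: str
    target: str


@dataclass
class Finding:
    entry: RunEntry
    reasons: list = field(default_factory=list)


def parse_run_entries(text):
    """Return RunEntry objects for values under Run / RunOnce keys."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_VALUE_RE.match(line)
        if m and key and re.search(r'\\run(once)?$', key, re.I):
            entries.append(RunEntry(key, m['name'], m['target']))
    return entries


def parse_eset(text):
    """Map lower-cased detected path -> 'signature (classification)'."""
    hits = {}
    for raw in text.splitlines():
        m = ESET_RE.match(raw.strip())
        if m:
            hits[m['path'].lower()] = f"{m['sig']} ({m['kind']})"
    return hits


def triage(combofix_text, eset_text):
    """Cross-reference Run entries with ESET hits; return flagged entries."""
    eset = parse_eset(eset_text)
    findings = []
    for e in parse_run_entries(combofix_text):
        reasons = []
        if '\\' not in e.target:
            reasons.append('bare filename with no directory (resolved through the search path)')
        if USER_WRITABLE_RE.search(e.target):
            reasons.append('target lives in a user-writable location')
        if e.target.lower() in eset:
            reasons.append('flagged by ESET as ' + eset[e.target.lower()])
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(COMBOFIX_RUN_LINES, ESET_LINES):
        print(f'{f.entry.name!r} -> {f.entry.target}')
        for r in f.reasons:
            print('    -', r)
```

Run as-is it reports two entries: "USmedia" (user-writable location and an ESET match) and "P17RunE" (bare filename), while the ZoneAlarm and Adobe entries under Program Files pass quietly. The user-writable rule will also catch legitimate per-user software (Chrome's updater installs under AppData, for instance), so treat it as an ordering of what to examine, with the ESET cross-reference as the stronger signal; that is the same reasoning the helper applied when turning the ESET list into the File:: section of the CFScript.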
