
Can't install Malwarebytes because malware is stopping it



Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or to the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST, press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) on the Desktop or in the folder it was run from. Please post it in your reply.

 

Next,

Uninstall Avast; it is counterproductive to run two AVs on your system.

 

Next,

Read the following link before we continue and run ComboFix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of ComboFix that you may have on your Desktop, then download a fresh copy from either of the following links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

 

  • Ensure that ComboFix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on ComboFix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users: right click and select "Run as Administrator")
  • Instructions for running ComboFix are available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed ComboFix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post "C:\ComboFix.txt" for further review


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze. ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autorun is recommended.

*EXTRA NOTES*

  • If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post those two logs in your next reply please...

Kevin
 

 

Fixlist.txt


Following all of the steps. Here is the log. Thank you for your help. I don't know if it worked yet - but I have hope. 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by Sandi at 2014-10-14 14:15:19 Run:1
Running from C:\Users\Sandi\Desktop
Loaded Profile: Sandi (Available profiles: Sandi)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-1202798352-640541576-699603743-1000\...\MountPoints2: {276e7aae-45cd-11e2-82ec-001fc66f9d3c} - E:\unlock.exe autoplay=true
HKU\S-1-5-21-1202798352-640541576-699603743-1000\...\MountPoints2: {ebd5ae93-1ea9-11e2-87c3-001fc66f9d3c} - F:\MI.exe
HKU\S-1-5-21-1202798352-640541576-699603743-1000\...\MountPoints2: {fa00c986-3a31-11e2-9183-001fc66f9d3c} - E:\LaunchU3.exe -a
C:\$Recycle.Bin\S-1-5-21-1202798352-640541576-699603743-1000\$a6c9cf38495df04812aae794c62035cc
C:\Users\Sandi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeeoeux.dll
Task: {43007B75-AB72-4295-BBFD-9FED0E750361} - System32\Tasks\Run RoboForm Process => C:\Users\Sandi\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe [2014-10-14] (Siber Systems) <==== ATTENTION
C:\Users\Sandi\AppData\Local\Temp\RoboForm
AlternateDataStreams: C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Desktop\mbar-1.07.0.1012.exe.j85sjmx.partial:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\adwcleaner_4.000.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\avast_free_antivirus_setup_online.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\camtasia.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\chromeinstall-7u60.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\chromeinstall-7u67.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\DesktopUploader1.1.1.0.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\Dropbox 2.4.4.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\Evernote_5.0.1.1188.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\g2m_download.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\GeForce_Experience_v1.8.2.0.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\googlecalendarsync_installer(1).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\googlecalendarsync_installer(2).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\GoogleCalendarSync_Installer(3).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\GoogleCalendarSync_Installer(4).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\googlecalendarsync_installer.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\GoProStudioPC-2.0.1.319 (1).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\GoProStudioPC-2.0.1.319.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih (1).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\install_reader11_en_mssd_awc_aih.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\iTunes64Setup.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\jxpiinstall.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\Lexmark_Pro800-Pro900_Series_C082511_00_FWUpdate(1).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\LGS_8.53.154_x64_Logitech.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\mbam-setup-2.0.3.1025 (1).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\mbam-setup-2.0.3.1025.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\mbam_premium.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\rkill.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\RoboForm-2Go-Setup (1).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\RoboForm-2Go-Setup (2).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\RoboForm-2Go-Setup (3).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\RoboForm-2Go-Setup(1).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\RoboForm-2Go-Setup(2).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\RoboForm-Setup (1).exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\setup.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\wintv7_cd_3.2.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\z53133L13.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\z54922L9.exe:BDU
AlternateDataStreams: C:\Users\Sandi\Downloads\ZipOpenerSetup.exe:BDU
EmptyTemp:
End
 
 
*****************
 
"HKU\S-1-5-21-1202798352-640541576-699603743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{276e7aae-45cd-11e2-82ec-001fc66f9d3c}" => Key deleted successfully.
"HKCR\CLSID\{276e7aae-45cd-11e2-82ec-001fc66f9d3c}" => Key not found.
"HKU\S-1-5-21-1202798352-640541576-699603743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd5ae93-1ea9-11e2-87c3-001fc66f9d3c}" => Key deleted successfully.
"HKCR\CLSID\{ebd5ae93-1ea9-11e2-87c3-001fc66f9d3c}" => Key not found.
"HKU\S-1-5-21-1202798352-640541576-699603743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa00c986-3a31-11e2-9183-001fc66f9d3c}" => Key deleted successfully.
"HKCR\CLSID\{fa00c986-3a31-11e2-9183-001fc66f9d3c}" => Key not found.
C:\$Recycle.Bin\S-1-5-21-1202798352-640541576-699603743-1000\$a6c9cf38495df04812aae794c62035cc => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeeoeux.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43007B75-AB72-4295-BBFD-9FED0E750361}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43007B75-AB72-4295-BBFD-9FED0E750361}" => Key deleted successfully.
C:\Windows\System32\Tasks\Run RoboForm Process => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run RoboForm Process" => Key deleted successfully.
 
"C:\Users\Sandi\AppData\Local\Temp\RoboForm" directory move:
 
C:\Users\Sandi\AppData\Local\Temp\RoboForm\affid.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\ar-Arabic.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\br-Brasilian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\cn-Chinese.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\cz-Czech.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\dbghelp.dll => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\de-German.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\dk-Danish.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\dndhandle.gif => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\en-english.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\es-Spanish.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\fa-Persian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\fi-Finnish.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\fr-French.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\he-Hebrew.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\hr-Croatian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\hu-Hungarian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\id-Indonesian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\identities.exe => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\install.bmp => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\it-Italian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\jp-Japanese.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\kr-Korean.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-ar.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-br.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-cn.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-cz.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-de.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-dk.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-en.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-es.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-fi.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-fr.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-he.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-hr.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-it.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-jp.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-kr.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-lt.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-nl.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-pl.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-ru.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-sb.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-sc.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-se.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-tr.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-ua.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\license-zh.txt => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\lt-Lithuanian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\nl-Dutch.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\no-Norwegian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\passwordgenerator.exe => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\pl-Polish.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\PortableRoboForm.exe => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\print-template.html => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\resize_horizontal.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\resize_vertical.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\rfwipeout.exe => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\roboform-x64.dll => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\roboform.dll => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\robotaskbaricon-x64.exe => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\robotaskbaricon.exe => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\ru-Russian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\sb-Serbian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\sc-Serbian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\se-Swedish.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\sk-Slovak.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\tr-Turkish.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\ua-Ukrainian.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\zh-Chinese.rfi => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\close.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\control_sprites.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\home.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\jquery-ui.min.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\jquery.cookie.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\jquery.min.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\json2.min.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\rf_3.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\search.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\start-page.css => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\start-page.html => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\start-page\start-page.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\arrow.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\background.html => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\background.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\horiz.ico => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\loading.gif => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\manifest.json => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\options.html => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\options.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\popup.html => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\popup.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\proxy-np.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\rf-opera.oex => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\rfdis19.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\robo128.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\robo16.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\robo32.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\robo48.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\search-history.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\search.ico => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\vert.ico => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\includes\common.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\includes\content.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Opera\includes\filler.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\bootstrap.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\icon.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\install.rdf => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\js.manifest => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\options.xul => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\rf-firefox-11.dll => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\rf-firefox-22.dll => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\rf-firefox-30.dll => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\rf-firefox-x64.dll => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\rf-firefox.dll => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Firefox\roboform.jar => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\arrow.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\background.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\common.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\content.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\filler.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\horiz.ico => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\loading.gif => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\manifest.json => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\options.html => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\options.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\popup.html => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\popup.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\proxy-chrome-nm.js => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\rf-chrome-nm-host.exe => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\rf-chrome-nm-host.json => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\rf-chrome.crx => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\rfdis19.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\robo128.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\robo16.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\robo32.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\robo48.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\search-history.png => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\search.ico => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\vert.ico => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\Chrome\plugin\np-rf-plugin.dll => Moved successfully.
Could not move "C:\Users\Sandi\AppData\Local\Temp\RoboForm" directory. => Scheduled to move on reboot.
 
C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Desktop\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Desktop\mbar-1.07.0.1012.exe.j85sjmx.partial => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\AdwCleaner.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\adwcleaner_4.000.exe => ":BDU" ADS removed successfully.
"C:\Users\Sandi\Downloads\avast_free_antivirus_setup_online.exe" => ":BDU" ADS not found.
C:\Users\Sandi\Downloads\camtasia.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\chromeinstall-7u60.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\chromeinstall-7u67.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\DesktopUploader1.1.1.0.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\Dropbox 2.4.4.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\Evernote_5.0.1.1188.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\g2m_download.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\GeForce_Experience_v1.8.2.0.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\googlecalendarsync_installer(1).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\googlecalendarsync_installer(2).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\GoogleCalendarSync_Installer(3).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\GoogleCalendarSync_Installer(4).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\googlecalendarsync_installer.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\GoProStudioPC-2.0.1.319 (1).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\GoProStudioPC-2.0.1.319.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih (1).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\install_flashplayer11x32axau_ltr5x64d_awc_aih.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\install_reader11_en_mssd_awc_aih.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\iTunes64Setup.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\JRT.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\jxpiinstall.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\Lexmark_Pro800-Pro900_Series_C082511_00_FWUpdate(1).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\LGS_8.53.154_x64_Logitech.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\mbam-setup-2.0.3.1025 (1).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\mbam-setup-2.0.3.1025.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\mbam_premium.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\rkill.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\RoboForm-2Go-Setup (1).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\RoboForm-2Go-Setup (2).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\RoboForm-2Go-Setup (3).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\RoboForm-2Go-Setup(1).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\RoboForm-2Go-Setup(2).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\RoboForm-Setup (1).exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\setup.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\SkypeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\wintv7_cd_3.2.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\z53133L13.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\z54922L9.exe => ":BDU" ADS removed successfully.
C:\Users\Sandi\Downloads\ZipOpenerSetup.exe => ":BDU" ADS removed successfully.
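Every result line in the Fixlog above has the same shape, `<target> => <outcome>.`, so a helper reviewing many of these logs can triage them mechanically instead of reading a few hundred "Moved successfully" lines by eye. The script below is an added example; it is not code from the forum post, from Malwarebytes or from FRST's author. It parses lines of that shape, skips the echoed fixlist (everything before the last `*****************` separator, where the `Task:` entry itself contains `=>` and would otherwise be misread as a result), and reports what was deleted, what was already gone, and what is still waiting on a reboot. The sample log embedded in it is constructed from the shape of the lines in the post, and the status names and function names are the example's own.

```python
"""Triage helper for FRST Fixlog.txt result lines (added example, not FRST code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the Fixlog lines in the post; not the real log.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
Start
Task: {43007B75-AB72-4295-BBFD-9FED0E750361} - System32\Tasks\Run RoboForm Process => C:\Users\Sandi\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe [2014-10-14] (Siber Systems) <==== ATTENTION
AlternateDataStreams: C:\Users\Sandi\Downloads\rkill.exe:BDU
EmptyTemp:
End

*****************

"HKU\S-1-5-21-1202798352-640541576-699603743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{276e7aae-45cd-11e2-82ec-001fc66f9d3c}" => Key deleted successfully.
"HKCR\CLSID\{276e7aae-45cd-11e2-82ec-001fc66f9d3c}" => Key not found.
C:\Windows\System32\Tasks\Run RoboForm Process => Moved successfully.
C:\Users\Sandi\AppData\Local\Temp\RoboForm\robotaskbaricon.exe => Moved successfully.
Could not move "C:\Users\Sandi\AppData\Local\Temp\RoboForm" directory. => Scheduled to move on reboot.
C:\Users\Sandi\Downloads\rkill.exe => ":BDU" ADS removed successfully.
"C:\Users\Sandi\Downloads\avast_free_antivirus_setup_online.exe" => ":BDU" ADS not found.
"C:\Users\Sandi\AppData\Local\Temp\RoboForm" directory move:
"""

SEPARATOR = "*****************"          # FRST prints this around the echoed fixlist
RESULT_RE = re.compile(r'^(?P<target>.*?)\s*=>\s*(?P<outcome>.*?)\.?\s*$')
QUOTED_RE = re.compile(r'"([^"]+)"')
ADS_RE = re.compile(r'^"(?P<stream>:[^"]+)"\s+ADS\s+(?P<what>removed successfully|not found)$')


@dataclass
class FixResult:
    target: str                   # registry key, file or directory, quotes stripped
    status: str                   # deleted | moved | ads_removed | not_found | pending_reboot | other
    outcome: str                  # outcome text exactly as FRST wrote it
    stream: Optional[str] = None  # ADS name for AlternateDataStreams: entries


def classify(outcome: str) -> str:
    """Map FRST's outcome wording to a small, fixed set of statuses (example's own names)."""
    if outcome == "Key deleted successfully":
        return "deleted"
    if outcome == "Moved successfully":
        return "moved"
    if outcome == "Scheduled to move on reboot":
        return "pending_reboot"
    m = ADS_RE.match(outcome)
    if m:
        return "ads_removed" if m.group("what") == "removed successfully" else "not_found"
    if outcome.endswith("not found"):
        return "not_found"
    return "other"


def parse_line(line: str) -> Optional[FixResult]:
    """Parse one '<target> => <outcome>.' line; return None for headers and blank lines."""
    m = RESULT_RE.match(line.strip())
    if not m:
        return None
    target, outcome = m.group("target"), m.group("outcome")
    q = QUOTED_RE.search(target)  # 'Could not move "<dir>" directory.' wraps the path in a sentence
    if q:
        target = q.group(1)
    a = ADS_RE.match(outcome)
    return FixResult(target, classify(outcome), outcome, a.group("stream") if a else None)


def parse_fixlog(text: str) -> List[FixResult]:
    """Parse only the result section, i.e. the text after the last fixlist separator."""
    body = text.split(SEPARATOR)[-1]
    return [r for r in (parse_line(l) for l in body.splitlines()) if r is not None]


def summarize(results: List[FixResult]) -> Counter:
    return Counter(r.status for r in results)


def needs_reboot(results: List[FixResult]) -> bool:
    """True when FRST deferred any move to the next boot, so the fix is not yet complete."""
    return any(r.status == "pending_reboot" for r in results)


def follow_ups(results: List[FixResult]) -> List[FixResult]:
    """Entries worth re-checking in the next FRST scan: deferred, missing, or unrecognised."""
    return [r for r in results if r.status in ("pending_reboot", "not_found", "other")]


if __name__ == "__main__":
    res = parse_fixlog(SAMPLE_FIXLOG)
    for status, n in sorted(summarize(res).items()):
        print(f"{status:15s} {n}")
    for r in follow_ups(res):
        print(f"follow up: {r.target} ({r.outcome})")
    print("reboot required:", needs_reboot(res))
```

Run against a real Fixlog.txt by reading the file and passing its contents to `parse_fixlog`. A "not found" result is usually harmless (the fixlist was written against an earlier scan and the item was already gone), but a "Scheduled to move on reboot" entry, like the RoboForm directory in the post, means the fix is not finished until the machine restarts, which is why the next FRST scan should be run only after a reboot.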

Next:

 

 

ComboFix 14-10-13.01 - Sandi 10/14/2014  14:56:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3251 [GMT -5:00]
Running from: c:\users\Sandi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Bitdefender Antispyware *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1338305154.bdinstall.bin
c:\programdata\1342191872.10220.bin
c:\programdata\1342191872.3340.bin
c:\programdata\1342191872.4296.bin
c:\programdata\1342191872.4896.bin
c:\programdata\1342191872.4948.bin
c:\programdata\1342191872.5432.bin
c:\programdata\1342191872.6836.bin
c:\programdata\1342191872.7952.bin
c:\programdata\1342191872.8520.bin
c:\programdata\1342191872.9624.bin
c:\programdata\1342191872.9916.bin
c:\programdata\1343744280.bdinstall.bin
c:\programdata\1343745974.bdinstall.bin
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{450C381D-352F-4B28-A995-CE6FAE44FEBD}.xps
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{69EB42B3-86DF-4CE5-BEDB-7529F996FE90}.xps
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D8AA327-7AC6-4E58-A894-2C740AB1D536}.xps
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A0418B40-94E3-4FFF-A38F-ABD1749BBD27}.xps
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B5566978-CE0E-4BE6-AAF1-E8FC448D0534}.xps
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BFDE480A-50C8-4388-A214-2402E212333C}.xps
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C1617DA0-3BC4-4445-A46F-C85967C27824}.xps
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF41FE9C-0719-44A3-9A61-52520AC5FB0F}.xps
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E660F235-7775-47F4-874D-7EA49631EDE1}.xps
c:\users\Sandi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F304EED2-ACE0-4298-BBA2-1FA252CD5653}.xps
c:\users\Sandi\AppData\Local\Temp\_MEI35762\_ctypes.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\_elementtree.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\_hashlib.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\_multiprocessing.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\_socket.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\_ssl.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\hashobjs_ext.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\pyexpat.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\pysqlite2._sqlite.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\python27.dll
c:\users\Sandi\AppData\Local\Temp\_MEI35762\pythoncom27.dll
c:\users\Sandi\AppData\Local\Temp\_MEI35762\PyWinTypes27.dll
c:\users\Sandi\AppData\Local\Temp\_MEI35762\select.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\unicodedata.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32api.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32com.shell.shell.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32crypt.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32event.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32file.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32gui.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32inet.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32pdh.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32pipe.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32process.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32profile.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32security.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\win32ts.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\windows._lib_cacheinvalidation.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wx._animate.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wx._controls_.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wx._core_.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wx._gdi_.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wx._html2.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wx._misc_.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wx._windows_.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wx._wizard.pyd
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wxbase294u_net_vc90.dll
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wxbase294u_vc90.dll
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wxmsw294u_adv_vc90.dll
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wxmsw294u_core_vc90.dll
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wxmsw294u_html_vc90.dll
c:\users\Sandi\AppData\Local\Temp\_MEI35762\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-14 to 2014-10-14  )))))))))))))))))))))))))))))))
.
.
2014-10-14 20:15 . 2014-10-14 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-14 18:18 . 2014-09-04 07:28 34960 ----a-w- c:\windows\system32\drivers\monblanking.sys
2014-10-14 16:52 . 2014-10-14 19:16 -------- d-----w- C:\FRST
2014-10-14 16:42 . 2014-10-14 16:42 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-14 14:52 . 2014-10-14 14:52 -------- d-----w- c:\windows\ERUNT
2014-09-30 19:20 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-30 19:20 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 08:56 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-24 08:56 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-19 21:43 . 2014-09-19 21:43 74864 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-09-19 21:43 . 2014-09-19 21:43 47216 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-09-19 21:43 . 2014-09-19 21:43 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2014-09-19 21:43 . 2014-09-19 21:43 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2014-09-19 21:43 . 2014-09-19 21:43 3231696 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-09-19 21:43 . 2014-09-19 21:43 10397296 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt52.dll
2014-09-19 21:43 . 2014-09-19 21:43 800368 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc52.dll
2014-09-19 21:43 . 2014-09-19 21:43 1023600 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin52.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 13:09 . 2012-05-28 23:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-22 13:09 . 2012-05-28 23:45 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-11 08:03 . 2012-06-07 12:08 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-09 18:14 . 2014-09-09 18:12 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-09-09 18:12 . 2014-09-09 18:13 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-09-09 18:12 . 2014-09-09 18:13 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-09 18:12 . 2014-09-09 18:13 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-09-09 18:12 . 2014-09-09 18:12 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-09-09 18:12 . 2014-09-09 18:12 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-09-09 18:12 . 2014-09-09 18:12 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-09-09 18:12 . 2014-09-09 18:12 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-09 18:12 . 2014-09-09 18:12 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-09-09 18:11 . 2014-09-09 18:11 43152 ----a-w- c:\windows\avastSS.scr
2014-09-05 02:10 . 2014-09-11 04:46 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 02:05 . 2014-09-11 04:46 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-04 07:47 . 2012-05-29 00:03 131416 ----a-w- c:\windows\system32\gotomon_x64.dll
2014-08-23 02:07 . 2014-08-27 20:28 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 20:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-27 20:28 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-19 18:05 . 2014-09-11 08:12 374968 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-18 23:01 . 2014-09-11 08:12 23591424 ----a-w- c:\windows\system32\mshtml.dll
2014-08-18 22:29 . 2014-09-11 08:12 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 22:29 . 2014-09-11 08:12 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 22:20 . 2014-09-11 08:12 2793984 ----a-w- c:\windows\system32\iertutil.dll
2014-08-18 22:19 . 2014-09-11 08:12 5833728 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 22:15 . 2014-09-11 08:12 547328 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 22:15 . 2014-09-11 08:12 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 22:14 . 2014-09-11 08:12 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 22:14 . 2014-09-11 08:12 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 22:08 . 2014-09-11 08:12 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-08-18 22:08 . 2014-09-11 08:12 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-08-18 22:08 . 2014-09-11 08:12 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-08-18 22:05 . 2014-09-11 08:12 596480 ----a-w- c:\windows\system32\ieui.dll
2014-08-18 22:03 . 2014-09-11 08:12 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 22:03 . 2014-09-11 08:12 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 22:03 . 2014-09-11 08:12 758272 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:57 . 2014-09-11 08:12 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56 . 2014-09-11 08:12 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:51 . 2014-09-11 08:12 446464 ----a-w- c:\windows\system32\dxtmsft.dll
2014-08-18 21:46 . 2014-09-11 08:12 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-11 08:12 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-08-18 21:45 . 2014-09-11 08:12 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:44 . 2014-09-11 08:12 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-11 08:12 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:40 . 2014-09-11 08:12 195584 ----a-w- c:\windows\system32\msrating.dll
2014-08-18 21:39 . 2014-09-11 08:12 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-08-18 21:38 . 2014-09-11 08:12 289280 ----a-w- c:\windows\system32\dxtrans.dll
2014-08-18 21:36 . 2014-09-11 08:12 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-11 08:12 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:25 . 2014-09-11 08:12 727040 ----a-w- c:\windows\system32\msfeeds.dll
2014-08-18 21:25 . 2014-09-11 08:12 707072 ----a-w- c:\windows\system32\ie4uinit.exe
2014-08-18 21:23 . 2014-09-11 08:12 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:23 . 2014-09-11 08:12 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 21:22 . 2014-09-11 08:12 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:16 . 2014-09-11 08:12 13588480 ----a-w- c:\windows\system32\ieframe.dll
2014-08-18 21:15 . 2014-09-11 08:12 2310656 ----a-w- c:\windows\system32\wininet.dll
2014-08-18 21:08 . 2014-09-11 08:12 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-11 08:12 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:55 . 2014-09-11 08:12 1447424 ----a-w- c:\windows\system32\urlmon.dll
2014-08-18 20:46 . 2014-09-11 08:12 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-18 20:38 . 2014-09-11 08:12 775168 ----a-w- c:\windows\system32\ieapfltr.dll
2014-08-13 04:57 . 2014-07-21 23:07 57584 ----a-w- c:\windows\system32\iolobtdfg.exe
2014-08-13 04:57 . 2014-07-21 23:07 26184 ----a-w- c:\windows\system32\smrgdf.exe
2014-08-13 04:41 . 2014-07-21 23:07 2155152 ----a-w- c:\windows\system32\Incinerator64.dll
2014-08-13 04:41 . 2014-07-21 23:07 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2014-08-01 11:53 . 2014-09-11 04:47 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-11 04:47 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 17:55 . 2014-08-12 14:28 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 07:35 . 2014-07-25 07:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47 . 2014-07-25 04:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-21 23:06 . 2014-07-21 23:06 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Sandi\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"GoToMeeting"="c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mstart.exe" [2014-01-20 40304]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2014-06-27 1056976]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-09 4085896]
.
c:\users\Sandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sandi\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-9-11 1096032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Intuit SyncManager"=c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
R4 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe;c:\windows\SYSNATIVE\lxeccoms.exe [x]
S2 monblanking;monblanking;c:\windows\system32\DRIVERS\monblanking.sys;c:\windows\SYSNATIVE\DRIVERS\monblanking.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-08 04:55 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 13:09]
.
2014-10-14 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1202798352-640541576-699603743-1000.job
- c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [2014-10-12 19:20]
.
2014-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 21:02]
.
2014-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 21:02]
.
2014-10-09 c:\windows\Tasks\Quark Updater.job
- c:\program files (x86)\Quark\Quark Update\AutoUpdate.exe [2011-11-25 19:56]
.
2014-10-14 c:\windows\Tasks\ReclaimerUpdateFiles_Sandi.job
- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-22 15:00]
.
2014-10-14 c:\windows\Tasks\ReclaimerUpdateXML_Sandi.job
- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-22 15:00]
.
2014-10-14 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Sandi.job
- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-22 15:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-09 18:12 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-11-20 1571072]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0A0721FD-48CD-4937-9F1C-62977C3BD266}: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\06d333tr.default\
FF - prefs.js: browser.search.selectedEngine - Microsoft (Bing)
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=AV01
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Citrix\GoToMyPC\g2svc.exe
c:\program files (x86)\Citrix\GoToMyPC\g2comm.exe
c:\program files (x86)\Citrix\GoToMyPC\g2pre.exe
c:\program files (x86)\Citrix\GoToMyPC\g2tray.exe
c:\program files (x86)\iolo\System Mechanic\LiveBoost.exe
c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mcomm.exe
c:\users\Sandi\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mlauncher.exe
.
**************************************************************************
.
Completion time: 2014-10-14  15:33:35 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-14 20:33
.
Pre-Run: 98,347,905,024 bytes free
Post-Run: 98,537,414,656 bytes free
.
- - End Of File - - 30695C82570B949F2766F750D43C8A52
A36C5E4F47E84449FF07ED3517B43A31
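The registry keys that ComboFix printed above with "@Denied" lines carry explicit Deny ACEs in their DACL. Malware sometimes locks its own keys that way so that cleanup tools cannot remove them, but legitimate software does it too: the Flash CLSIDs here register files under c:\Windows\SysWOW64\Macromed\Flash, the path Adobe's own installer uses, so the ACE alone is not a verdict. The following PowerShell, added here as an example and not part of the original post or of ComboFix, re-reads the DACL of each listed key on the live machine, prints every Deny ACE with the identity it applies to, and for COM class keys shows which file the key registers so the finding can be judged against where that file lives. The key list is copied from the log above; the function name is an assumption of this example. It needs PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example, not part of the original thread or of ComboFix.
# Re-reads the DACL of the registry keys ComboFix printed with "@Denied" and
# lists every explicit Deny ACE. Run from an elevated PowerShell 3.0+ prompt.
# The key list is taken from the log above; edit it for a different log.

$keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3',
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings',
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security'
)

# Function name is this example's own, not a built-in cmdlet.
function Get-RegistryDenyAces {
    param([string[]]$KeyPaths)

    foreach ($key in $KeyPaths) {
        $path = "Registry::$key"

        # A Deny ACE for Everyone that covers READ_CONTROL stops even an
        # administrator from reading the DACL; that failure is itself a finding,
        # so report it instead of aborting. A missing key also ends up here.
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
        } catch {
            [pscustomobject]@{ Key = $key; DeniedTo = '(DACL unreadable)'; Rights = $_.Exception.Message; Inherited = $null; Registers = $null }
            continue
        }

        # For COM class keys, resolve the server the key registers so the Deny ACE
        # can be judged against where that file lives (vendor directory vs. user profile).
        $server = $null
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            if (Test-Path -LiteralPath "$path\$sub") {
                $server = (Get-ItemProperty -LiteralPath "$path\$sub").'(default)'
            }
        }

        $denies = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
        if ($denies.Count -eq 0) {
            [pscustomobject]@{ Key = $key; DeniedTo = '(none)'; Rights = $null; Inherited = $null; Registers = $server }
            continue
        }
        foreach ($ace in $denies) {
            [pscustomobject]@{
                Key       = $key
                DeniedTo  = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
                Registers = $server
            }
        }
    }
}

Get-RegistryDenyAces -KeyPaths $keys | Format-Table -AutoSize -Wrap
```

A Deny ACE on a key whose server path points into a user profile, a Temp directory, or a path that does not match the product named in the key's default value is worth a closer look; a Deny ACE on a key that registers a vendor's own file in its install directory, as with the Flash entries here, is expected.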

There are two security systems running, Avast and BitDefender. Both have anti-virus components; that is counterproductive and will cause major problems for your operating system.

As BitDefender appears to be a full suite it may be beneficial to remove Avast; the decision is yours on which one to remove. Before we progress any further please UNinstall one or the other......

 

Next,

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, select Settings > Detection and Protection > enable Scan for rootkit, and under Non-Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator”; the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...
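The "AV:", "FW:" and "SP:" lines at the top of a ComboFix log, which report one product as *Disabled/Updated* and another as *Disabled/Outdated*, correspond to the products registered with Windows Security Center, and the advice above to run only one antivirus is about exactly that registration. The following PowerShell, added here as an example and not part of Kevin's post or of any of the tools he names, queries Security Center directly, decodes each product's state, and warns when more than one antivirus is registered. It uses Get-WmiObject so it also runs on the PowerShell 2.0 that ships with Windows 7. The productState decoding is an assumption: the field is undocumented and the reading below is the one commonly used in the field (middle byte 10 or 11 means real-time protection is on, low byte 00 means definitions are current and 10 means out of date); the function name is this example's own.

```powershell
# Added example, not part of the original thread or of ComboFix/MBAM.
# Lists the antivirus products registered with Windows Security Center and
# decodes their state. Get-WmiObject keeps it working on PowerShell 2.0 (Windows 7).
# ASSUMPTION: productState is undocumented; the decoding below is the reading
# commonly used in the field. Treat it as a heuristic, not a specification.

# Function name is this example's own, not a built-in cmdlet.
function Get-RegisteredAntivirus {
    # root\SecurityCenter2 exists on Vista and later client editions only;
    # server editions have no Security Center and the query will throw.
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct' -ErrorAction Stop

    foreach ($p in $products) {
        # productState is a 24-bit value; render it as six hex digits so the
        # three bytes can be read by position (e.g. 0x041000).
        $hex = '{0:X6}' -f [int]$p.productState

        New-Object PSObject -Property @{
            Name         = $p.displayName
            InstanceGuid = $p.instanceGuid          # compare with the GUIDs in the ComboFix AV: lines
            Enabled      = (@('10', '11') -contains $hex.Substring(2, 2))
            UpToDate     = ($hex.Substring(4, 2) -eq '00')
            ProductState = "0x$hex"
            ExePath      = $p.pathToSignedProductExe
        }
    }
}

$av = @(Get-RegisteredAntivirus)
$av | Format-Table Name, Enabled, UpToDate, ProductState, InstanceGuid, ExePath -AutoSize -Wrap

if ($av.Count -gt 1) {
    $names = ($av | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ('{0} antivirus products are registered ({1}); uninstall all but one before running further tools.' -f $av.Count, $names)
}
```

Run it before and after the uninstall: a product that is gone from Programs and Features but still listed here has left its Security Center registration (and usually its filter drivers) behind, which is the state the vendor's dedicated removal utility exists to clean up.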

ComboFix 14-10-13.01 - Sandi 10/20/2014   9:36.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.1989 [GMT -5:00]

Running from: c:\users\Sandi\Desktop\ComboFix.exe

Command switches used :: c:\users\Sandi\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Bitdefender Antispyware *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Sandi\AppData\Local\Temp\_MEI54922\_ctypes.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\_elementtree.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\_hashlib.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\_multiprocessing.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\_socket.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\_ssl.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\hashobjs_ext.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\pyexpat.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\pysqlite2._sqlite.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\python27.dll

c:\users\Sandi\AppData\Local\Temp\_MEI54922\pythoncom27.dll

c:\users\Sandi\AppData\Local\Temp\_MEI54922\PyWinTypes27.dll

c:\users\Sandi\AppData\Local\Temp\_MEI54922\select.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\unicodedata.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32api.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32com.shell.shell.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32crypt.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32event.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32file.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32gui.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32inet.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32pdh.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32pipe.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32process.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32profile.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32security.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\win32ts.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\windows._lib_cacheinvalidation.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wx._animate.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wx._controls_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wx._core_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wx._gdi_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wx._html2.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wx._misc_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wx._windows_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wx._wizard.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wxbase294u_net_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wxbase294u_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wxmsw294u_adv_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wxmsw294u_core_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wxmsw294u_html_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI54922\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((((((((   Files Created from 2014-09-20 to 2014-10-20  )))))))))))))))))))))))))))))))

.

.

2014-10-20 14:54 . 2014-10-20 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-10-16 07:44 . 2014-10-07 02:04 235184 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2014-10-16 07:39 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll

2014-10-16 07:38 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll

2014-10-16 07:38 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll

2014-10-15 12:36 . 2014-10-15 12:36 -------- d-----w- c:\users\Sandi\AppData\Roaming\DigitalSites

2014-10-14 18:18 . 2014-09-04 07:28 34960 ----a-w- c:\windows\system32\drivers\monblanking.sys

2014-10-14 16:52 . 2014-10-14 19:16 -------- d-----w- C:\FRST

2014-10-14 16:42 . 2014-10-14 16:42 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-14 14:52 . 2014-10-14 14:52 -------- d-----w- c:\windows\ERUNT

2014-09-30 19:20 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll

2014-09-30 19:20 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-09-24 08:56 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-16 08:03 . 2012-06-07 12:08 103265616 ----a-w- c:\windows\system32\MRT.exe

2014-09-22 13:09 . 2012-05-28 23:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-22 13:09 . 2012-05-28 23:45 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-09-19 01:02 . 2014-10-16 07:45 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2014-09-18 23:59 . 2014-10-16 07:45 1810944 ----a-w- c:\windows\SysWow64\wininet.dll

2014-09-09 21:47 . 2014-09-24 08:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2014-09-09 18:14 . 2014-09-09 18:12 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-09-09 18:12 . 2014-09-09 18:13 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys

2014-09-09 18:12 . 2014-09-09 18:13 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-09-09 18:12 . 2014-09-09 18:13 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-09-09 18:12 . 2014-09-09 18:12 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-09-09 18:12 . 2014-09-09 18:12 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-09-09 18:12 . 2014-09-09 18:12 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-09-09 18:12 . 2014-09-09 18:12 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-09-09 18:12 . 2014-09-09 18:12 307344 ----a-w- c:\windows\system32\aswBoot.exe

2014-09-09 18:11 . 2014-09-09 18:11 43152 ----a-w- c:\windows\avastSS.scr

2014-09-04 07:47 . 2012-05-29 00:03 131416 ----a-w- c:\windows\system32\gotomon_x64.dll

2014-08-29 01:44 . 2014-10-16 07:39 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll

2014-08-23 02:07 . 2014-08-27 20:28 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-27 20:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2014-08-13 04:57 . 2014-07-21 23:07 57584 ----a-w- c:\windows\system32\iolobtdfg.exe

2014-08-13 04:57 . 2014-07-21 23:07 26184 ----a-w- c:\windows\system32\smrgdf.exe

2014-08-13 04:41 . 2014-07-21 23:07 2155152 ----a-w- c:\windows\system32\Incinerator64.dll

2014-08-13 04:41 . 2014-07-21 23:07 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2014-08-01 11:53 . 2014-09-11 04:47 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-08-01 11:35 . 2014-09-11 04:47 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll

2014-07-25 17:55 . 2014-08-12 14:28 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-07-25 07:35 . 2014-07-25 07:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll

2014-07-25 04:47 . 2014-07-25 04:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\users\Sandi\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]

"GoToMeeting"="c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mstart.exe" [2014-01-20 40304]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2014-06-27 1056976]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-09 4085896]

.

c:\users\Sandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Sandi\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-9-11 1096032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

"Intuit SyncManager"=c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]

R4 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]

S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]

S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]

S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]

S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe;c:\windows\SYSNATIVE\lxeccoms.exe [x]

S2 monblanking;monblanking;c:\windows\system32\DRIVERS\monblanking.sys;c:\windows\SYSNATIVE\DRIVERS\monblanking.sys [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]

S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]

S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]

S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]

S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-14 20:54 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 13:09]

.

2014-10-20 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1202798352-640541576-699603743-1000.job

- c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [2014-10-12 19:20]

.

2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 06:54]

.

2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 06:54]

.

2014-10-16 c:\windows\Tasks\Quark Updater.job

- c:\program files (x86)\Quark\Quark Update\AutoUpdate.exe [2011-11-25 19:56]

.

2014-10-19 c:\windows\Tasks\ReclaimerUpdateFiles_Sandi.job

- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-22 15:00]

.

2014-10-19 c:\windows\Tasks\ReclaimerUpdateXML_Sandi.job

- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-22 15:00]

.

2014-10-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Sandi.job

- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-22 15:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-09-09 18:12 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]

@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"

[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]

2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]

@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"

[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]

2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]

@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"

[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]

2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]

@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"

[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]

2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-11-20 1571072]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]

"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0A0721FD-48CD-4937-9F1C-62977C3BD266}: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\06d333tr.default\

FF - prefs.js: browser.search.selectedEngine - Microsoft (Bing)

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=AV01

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

"Key"="ActionsPane3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Citrix\GoToMyPC\g2svc.exe

c:\program files (x86)\Citrix\GoToMyPC\g2comm.exe

c:\program files (x86)\Citrix\GoToMyPC\g2pre.exe

c:\program files (x86)\Citrix\GoToMyPC\g2tray.exe

c:\program files (x86)\iolo\System Mechanic\LiveBoost.exe

c:\program files (x86)\real\realplayer\RealPlay.exe

c:\users\Sandi\AppData\Roaming\Dropbox\bin\Dropbox.exe

c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mcomm.exe

c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mlauncher.exe

.

**************************************************************************

.

Completion time: 2014-10-20  10:17:25 - machine was rebooted

ComboFix-quarantined-files.txt  2014-10-20 15:17

ComboFix2.txt  2014-10-14 20:33

.

Pre-Run: 95,424,602,112 bytes free

Post-Run: 95,070,294,016 bytes free

.

- - End Of File - - E94DF7D24EA37EB37089B19832A1EB9E

A36C5E4F47E84449FF07ED3517B43A31
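For a reader working through logs like the ComboFix output above, here is a small added example (not part of this thread and not ComboFix's own code) that parses the Run-key and service lines from a ComboFix "Reg Loading Points" section and flags the entries a malware-removal helper usually checks first: autorun images under user-writable directories, unquoted image paths containing spaces, and service entries with no image path recorded. The sample lines are copied from the ComboFix logs in this thread; the assumed line shapes, the `USER_WRITABLE` list and the flag heuristics are mine, and the trailing `[x]` marker is carried through unchanged rather than interpreted.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Run-key value lines:  "Name"="c:\path\file.exe" [date size]   or   "Name"=c:\path\file.exe  args
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.+)$')
# Service/driver lines:  S2 name;Display Name;c:\path\file.sys[;c:\native\path] [x]
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<fields>.*?)\s*\[(?P<mark>[^\]]*)\]\s*$')
# Shortest prefix ending in an executable extension; used to cut an unquoted
# image path off from its arguments.
IMAGE_RE = re.compile(
    r'^(?P<image>.*?\.(?:exe|dll|sys|scr|com|cmd|bat|vbs|js))(?=\s|$)', re.IGNORECASE)

# Directories an unprivileged user can write to.  An autorun or service image
# here is not evidence by itself (Dropbox installs there); it is just the first
# place to look.  Constructed list; extend it for your environment.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str                       # "run" or "service"
    name: str                       # value name or service name
    image: str                      # image path as printed by ComboFix
    mark: str = ""                  # trailing "[...]" marker, not interpreted
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one Reg-Loading-Points line; return None for lines of other shapes
    (section headers, file listings, Startup-folder .lnk lines)."""
    line = line.rstrip("\r\n")
    m = RUN_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest.startswith('"'):
            end = rest.find('"', 1)
            image = rest[1:end] if end > 0 else rest[1:]
            quoted = True
        elif re.match(r"[A-Za-z]:\\", rest):
            im = IMAGE_RE.match(rest)
            image = im.group("image") if im else rest.split()[0]
            quoted = False
        else:
            return None                 # e.g. "ConsentPromptBehaviorAdmin"= 5 (0x5)
        entry = Entry("run", m.group("name"), image)
        if not quoted and " " in image:
            entry.flags.append("unquoted image path with spaces")
        return entry
    m = SVC_RE.match(line)
    if m:
        fields = [f.strip() for f in m.group("fields").split(";")]
        image = fields[2] if len(fields) > 2 else ""
        entry = Entry("service", fields[0], image, m.group("mark"))
        if not image:
            entry.flags.append("no image path recorded")
        return entry
    return None


def flag_location(entry: Entry) -> None:
    """Add a flag when the image lives somewhere an unprivileged user can write."""
    low = entry.image.lower()
    if any(marker in low for marker in USER_WRITABLE):
        entry.flags.append("image under a user-writable directory")


def triage(lines) -> List[Entry]:
    """Return the entries that earned at least one flag, in log order."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        flag_location(entry)
        if entry.flags:
            flagged.append(entry)
    return flagged


# Sample input copied from the ComboFix logs in this thread.
SAMPLE_LOG = r'''
"googletalk"="c:\users\Sandi\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Intuit SyncManager"=c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
"ConsentPromptBehaviorAdmin"= 5 (0x5)
S0 aswRvrt;avast! Revert; [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
S2 monblanking;monblanking;c:\windows\system32\DRIVERS\monblanking.sys;c:\windows\SYSNATIVE\DRIVERS\monblanking.sys [x]
'''.strip().splitlines()


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:7} {e.name!r:24} {e.image or '<none>'}  <- {', '.join(e.flags)}")
```

Run it on the whole "Reg Loading Points" block of a log and read the flagged entries first; on the sample above it reports the Google Talk autorun under AppData, the unquoted Intuit SyncManager value and the avast! Revert driver with no image path, while the Sidebar, Bitdefender and monblanking entries pass without comment.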

# AdwCleaner v4.000 - Report created 20/10/2014 at 13:42:02

# DB v2014-10-19.11

# Updated 12/10/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Sandi - SANDI-PC

# Running from : C:\Users\Sandi\Desktop\AdwCleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Sandi\AppData\Roaming\DigitalSites

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17344

 

 

-\\ Mozilla Firefox v32.0.2 (x86 en-US)

 

 

-\\ Google Chrome v38.0.2125.104

 

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [42632 octets] - [20/10/2014 11:14:52]

AdwCleaner[R1].txt - [42900 octets] - [20/10/2014 11:15:04]

AdwCleaner[R2].txt - [1312 octets] - [20/10/2014 13:39:50]

AdwCleaner[S0].txt - [1222 octets] - [20/10/2014 13:42:02]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1282 octets] ##########

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

File::
c:\windows\system32\drivers\bdsandbox.sys
c:\windows\system32\DRIVERS\bdvedisk.sys

Folder::
c:\program files\Bitdefender
c:\program files\common files\bitdefender

Driver::
BDSandBox
BdDesktopParental
BdfNdisf
bdfwfpf
BDVEDISK
SafeBox
UPDATESRV

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"=-

SecCenter::
{9B5F5313-CAF9-DD97-C460-E778420237B4}
{A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
{203EB2F7-ECC3-D219-FED0-DC0A39857D09}

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 


Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the link for the download, select the next button and try to run the tool again; continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
If the tool does not run from any of the links provided, please let me know.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, select Settings > Detection and Protection, enable "Scan for rootkits", and under Non-Malware Protection set both PUP and PUM to "Treat detections as malware".
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 


After the restart (if applicable), once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Let me see those logs, give an update on remaining issues or concerns...

 

Kevin...


ComboFix 14-10-13.01 - Sandi 10/20/2014  14:25:04.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6143.3838 [GMT -5:00]

Running from: c:\users\Sandi\Desktop\ComboFix.exe

Command switches used :: c:\users\Sandi\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Bitdefender Antispyware *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Sandi\AppData\Local\Temp\_MEI39922\_ctypes.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\_elementtree.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\_hashlib.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\_multiprocessing.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\_socket.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\_ssl.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\hashobjs_ext.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\pyexpat.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\pysqlite2._sqlite.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\python27.dll

c:\users\Sandi\AppData\Local\Temp\_MEI39922\pythoncom27.dll

c:\users\Sandi\AppData\Local\Temp\_MEI39922\PyWinTypes27.dll

c:\users\Sandi\AppData\Local\Temp\_MEI39922\select.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\unicodedata.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32api.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32com.shell.shell.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32crypt.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32event.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32file.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32gui.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32inet.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32pdh.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32pipe.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32process.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32profile.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32security.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\win32ts.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\windows._lib_cacheinvalidation.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wx._animate.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wx._controls_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wx._core_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wx._gdi_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wx._html2.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wx._misc_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wx._windows_.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wx._wizard.pyd

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wxbase294u_net_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wxbase294u_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wxmsw294u_adv_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wxmsw294u_core_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wxmsw294u_html_vc90.dll

c:\users\Sandi\AppData\Local\Temp\_MEI39922\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((((((((   Files Created from 2014-09-20 to 2014-10-20  )))))))))))))))))))))))))))))))

.

.

2014-10-20 19:41 . 2014-10-20 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-10-20 16:14 . 2014-10-20 18:42 -------- d-----w- C:\AdwCleaner

2014-10-16 07:44 . 2014-10-07 02:04 235184 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2014-10-16 07:39 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll

2014-10-16 07:38 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll

2014-10-16 07:38 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll

2014-10-14 18:18 . 2014-09-04 07:28 34960 ----a-w- c:\windows\system32\drivers\monblanking.sys

2014-10-14 16:52 . 2014-10-14 19:16 -------- d-----w- C:\FRST

2014-10-14 16:42 . 2014-10-14 16:42 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-14 14:52 . 2014-10-14 14:52 -------- d-----w- c:\windows\ERUNT

2014-09-30 19:20 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll

2014-09-30 19:20 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-09-24 08:56 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll

2014-09-24 08:56 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-16 08:03 . 2012-06-07 12:08 103265616 ----a-w- c:\windows\system32\MRT.exe

2014-09-22 13:09 . 2012-05-28 23:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-22 13:09 . 2012-05-28 23:45 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-09-18 23:59 . 2014-10-16 07:45 1810944 ----a-w- c:\windows\SysWow64\wininet.dll

2014-09-09 18:14 . 2014-09-09 18:12 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-09-09 18:12 . 2014-09-09 18:13 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys

2014-09-09 18:12 . 2014-09-09 18:13 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-09-09 18:12 . 2014-09-09 18:13 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-09-09 18:12 . 2014-09-09 18:12 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-09-09 18:12 . 2014-09-09 18:12 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-09-09 18:12 . 2014-09-09 18:12 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-09-09 18:12 . 2014-09-09 18:12 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-09-09 18:12 . 2014-09-09 18:12 307344 ----a-w- c:\windows\system32\aswBoot.exe

2014-09-09 18:11 . 2014-09-09 18:11 43152 ----a-w- c:\windows\avastSS.scr

2014-09-04 07:47 . 2012-05-29 00:03 131416 ----a-w- c:\windows\system32\gotomon_x64.dll

2014-08-23 02:07 . 2014-08-27 20:28 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-27 20:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2014-08-13 04:57 . 2014-07-21 23:07 57584 ----a-w- c:\windows\system32\iolobtdfg.exe

2014-08-13 04:57 . 2014-07-21 23:07 26184 ----a-w- c:\windows\system32\smrgdf.exe

2014-08-13 04:41 . 2014-07-21 23:07 2155152 ----a-w- c:\windows\system32\Incinerator64.dll

2014-08-13 04:41 . 2014-07-21 23:07 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2014-08-01 11:53 . 2014-09-11 04:47 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-08-01 11:35 . 2014-09-11 04:47 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll

2014-07-25 17:55 . 2014-08-12 14:28 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-07-25 07:35 . 2014-07-25 07:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll

2014-07-25 04:47 . 2014-07-25 04:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="c:\users\Sandi\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]

"GoToMeeting"="c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mstart.exe" [2014-01-20 40304]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2014-06-27 1056976]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-09 4085896]

.

c:\users\Sandi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Sandi\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-9-11 1096032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

"Intuit SyncManager"=c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]

R4 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]

S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]

S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]

S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]

S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe;c:\windows\SYSNATIVE\lxeccoms.exe [x]

S2 monblanking;monblanking;c:\windows\system32\DRIVERS\monblanking.sys;c:\windows\SYSNATIVE\DRIVERS\monblanking.sys [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]

S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]

S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]

S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]

S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-14 20:54 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 13:09]

.

2014-10-20 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1202798352-640541576-699603743-1000.job

- c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [2014-10-12 19:20]

.

2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 06:54]

.

2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 06:54]

.

2014-10-16 c:\windows\Tasks\Quark Updater.job

- c:\program files (x86)\Quark\Quark Update\AutoUpdate.exe [2011-11-25 19:56]

.

2014-10-19 c:\windows\Tasks\ReclaimerUpdateFiles_Sandi.job

- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-22 15:00]

.

2014-10-20 c:\windows\Tasks\ReclaimerUpdateXML_Sandi.job

- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-22 15:00]

.

2014-10-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Sandi.job

- c:\users\Sandi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-22 15:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-09-09 18:12 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\Sandi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]

@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"

[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]

2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]

@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"

[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]

2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]

@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"

[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]

2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]

@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"

[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]

2013-02-27 20:53 269200 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-11-20 1571072]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]

"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0A0721FD-48CD-4937-9F1C-62977C3BD266}: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Sandi\AppData\Roaming\Mozilla\Firefox\Profiles\06d333tr.default\

FF - prefs.js: browser.search.selectedEngine - Microsoft (Bing)

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=AV01

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

"Key"="ActionsPane3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Citrix\GoToMyPC\g2svc.exe

c:\program files (x86)\Citrix\GoToMyPC\g2comm.exe

c:\program files (x86)\Citrix\GoToMyPC\g2pre.exe

c:\program files (x86)\Citrix\GoToMyPC\g2tray.exe

c:\program files (x86)\iolo\System Mechanic\LiveBoost.exe

c:\users\Sandi\AppData\Roaming\Dropbox\bin\Dropbox.exe

c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mcomm.exe

c:\users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mlauncher.exe

.

**************************************************************************

.

Completion time: 2014-10-20  14:58:41 - machine was rebooted

ComboFix-quarantined-files.txt  2014-10-20 19:58

ComboFix2.txt  2014-10-20 15:17

ComboFix3.txt  2014-10-14 20:33

.

Pre-Run: 94,682,275,840 bytes free

Post-Run: 94,131,376,128 bytes free

.

- - End Of File - - D292C5D4CBC672C014732BC7B25405B5

A36C5E4F47E84449FF07ED3517B43A31


Rkill 2.6.8 by Lawrence Abrams (Grinler)


Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:


 

Program started at: 10/20/2014 03:02:58 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * C:\Users\Sandi\AppData\Roaming\Google\Google Talk\googletalk.exe (PID: 5228) [uP-HEUR]

 * C:\Users\Sandi\AppData\Local\Citrix\GoToMeeting\1259\g2mcomm.exe (PID: 5268) [uP-HEUR]

 

2 proccesses terminated!

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * Windows Defender Disabled

 

   [HKLM\SOFTWARE\Microsoft\Windows Defender]

   "DisableAntiSpyware" = dword:00000001

 

 * Windows Firewall Disabled

 

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

   "EnableFirewall" = dword:00000000

 

Checking Windows Service Integrity: 

 

 * Windows Defender (WinDefend) is not Running.

   Startup Type set to: Automatic

 

Searching for Missing Digital Signatures: 

 

 * No issues found.

 

Checking HOSTS File: 

 

 * HOSTS file entries found: 

 

  127.0.0.1       localhost

 

Program finished at: 10/20/2014 03:05:31 PM

Execution time: 0 hours(s), 2 minute(s), and 32 seconds(s)

Thanks for the update. Run CF again and post the new log. Now try the following for Malwarebytes...

 

Run the clean up tool available here: xxxx link removed xxxx   re-boot when the clean up tool finishes...

 

When reinstalling the program please try the latest version from here:

http://www.malwarebytes.org/mwb-download/

 

When the install completes do the following:

 

Open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 

Kevin

 

 

 

Post updated [02/12/2021 - AdvancedSetup]

The following MBST tool should be used to perform a clean removal and reinstall

https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-using-the-Malwarebytes-Support-Tool

 

Edited by AdvancedSetup
updated information

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
