Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nothing Will Open On Computer


  • This topic is locked This topic is locked
29 replies to this topic

#1 KDenning

KDenning

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 14 May 2013 - 08:31 PM

I have an ACER Inspire 5532-5535 running Windows 7 64 bit Home Edition.

 

About a week ago, I turned on my computer and I was unable to open anything. I am able to turn on the computer and I am able to log on. But then, nothing is responsive when I click anything. For example, I will click Word, it seems like it will open but, it does not.

 

Pressing Ctrl+Alt+Del does not work either, when I attempt to press those buttons, a warning message appears. The warning message says "The logon process was unable to display security and logon options when CTRL + ALT + DELETE was pressed. If the operating system does not respond, press ESC or restart the computer by using the power switch." I have also noticed that the internet keeps attempting to connect but, is unsuccessful.

 

The only way that I am able to turn off my computer is by holding down on the power button. If I turn off and on my computer several times in this fashion it will occasionally work. When it does work, it is responsive but, it is very slowly. Also, the sound barely works when I get my computer to work.

 

Thanks, any help would be greatly appreciated.



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,385 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:28 PM

Posted 18 May 2013 - 02:30 PM

Greetings KDenning and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

Please allow me some time to review your situation. While I am doing that consider and perform the following, if you would please.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and let me know.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

===================================================

Additional Information
  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
  • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Explain as best you can what happens with your computer, i.e. it beeps three times, the the black screen starts then goes blank, etc
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic an do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
===================================================

Create DDS.txt and Attach.txt

I would like to see some information about what is happening in your machine. Please perform the following scan (again):
  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

DDS.com
DDS.pif

  • Double click on the icon then select Run
  • Leave the default settings then click Next
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • DDS.txt
  • Attach.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 KDenning

KDenning
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 20 May 2013 - 01:20 PM

Thank you so much for the help! I really appreciate it. Here are the logs:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Keith at 14:12:26 on 2013-05-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2812.1356 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Keith\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d535l0334z185t4802x241
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - 
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MusicManager] "C:\Users\Keith\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Akamai NetSession Interface] "C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [SkyDrive] "C:\Users\Keith\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjMwNzYzNDYxLUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNzctU1AxKzEtRkwxMCsxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzE"&"prod=90"&"ver=10.0.1382
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - 
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - 
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{25B43BE2-156C-41BE-82C5-21FD7D02B0DA} : DHCPNameServer = 168.213.64.92 168.213.64.93
TCP: Interfaces\{E8E3FEF3-C0FC-44BC-ACA6-BC61361C84F5} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{E8E3FEF3-C0FC-44BC-ACA6-BC61361C84F5}\05343524D27657563747 : DHCPNameServer = 168.213.64.92 168.213.64.93
TCP: Interfaces\{E8E3FEF3-C0FC-44BC-ACA6-BC61361C84F5}\2656C6B696E6E2731356 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E8E3FEF3-C0FC-44BC-ACA6-BC61361C84F5}\84440227F657475627D27657563747 : DHCPNameServer = 65.32.5.111 65.32.5.112 192.168.33.1
TCP: Interfaces\{E8E3FEF3-C0FC-44BC-ACA6-BC61361C84F5}\C696E6B6379737 : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{E8E3FEF3-C0FC-44BC-ACA6-BC61361C84F5}\D453537524 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - 
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - 
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - 
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - 
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - 
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Keith\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Keith\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Keith\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll
FF - plugin: C:\Users\Keith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Keith\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Keith\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-13 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-13 189936]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-30 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-8 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-6-8 378432]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-21 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-6-8 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-6-8 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-16 46808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-8-21 844320]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-1-6 72216]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-8-3 828944]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-21 240160]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-11-5 191488]
R2 WyseRemoteAccess;Wyse Remote Access;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [2012-11-5 1436160]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-11-13 67072]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-15 34872]
S2 BingDesktopUpdate;Bing Desktop Update service;"C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" --> C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 BBSvc;Bing Bar Update Service;"C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" --> C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-12-7 271640]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2010-12-7 4865568]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-1-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-2-22 28160]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-29 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-15 222208]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-29 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-26 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-19 20:29:20 -------- d-----w- C:\Program Files\iPod
2013-05-19 20:29:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 20:29:18 -------- d-----w- C:\Program Files\iTunes
2013-05-15 23:13:59 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 23:13:58 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 23:13:58 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 23:03:04 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-15 23:02:43 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 23:02:40 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 23:02:39 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 23:02:39 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 23:01:59 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 23:01:59 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 21:34:15 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-05-08 00:31:05 92256 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-04-30 01:12:25 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-04-30 01:12:22 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-30 01:12:21 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-04-30 01:12:21 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-30 01:12:09 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2013-04-30 01:12:08 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-04-29 23:19:25 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-29 19:41:56 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-04-29 19:41:55 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-04-29 19:41:53 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-04-29 19:41:51 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-04-29 19:41:49 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-04-29 19:41:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-04-29 19:41:39 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-04-29 18:17:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-04-29 18:17:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-04-27 21:10:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 22:55:56 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-15 20:15:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 20:15:52 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-04-29 23:19:25 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-19 01:14:17 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-19 01:13:50 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-03-19 01:13:49 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-03-12 03:43:50 0 ----a-w- C:\Windows\SysWow64\shoF287.tmp
2013-03-06 04:00:40 0 ----a-w- C:\Windows\SysWow64\shoDFA0.tmp
2013-03-05 14:16:28 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-05 14:16:28 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-01 22:10:53 4024320 ----a-w- C:\Program Files (x86)\GUTE5A1.tmp
2012-08-01 22:08:28 4024320 ----a-w- C:\Program Files (x86)\GUTC008.tmp
2012-06-02 14:35:06 78 ----a-w- C:\Program Files\update-gtasa.bat
2010-04-14 01:45:22 764432 ----a-w- C:\Program Files (x86)\netsight_setup_5.2.4.10_MP_Production_mid60531865643_p.exe
2010-03-31 03:04:30 1228240 ----a-w- C:\Program Files (x86)\ADBEPPROCS4_LS7.exe
2010-01-10 23:32:13 4182178 ----a-w- C:\Program Files (x86)\Avisynth_258.exe
2008-10-24 00:12:10 56105 ----a-w- C:\Program Files\Photoshop CS4.exe
.
============= FINISH: 14:15:58.05 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/11/2009 9:10:01 PM
System Uptime: 5/20/2013 1:31:12 PM (1 hours ago)
.
Motherboard: Acer       |  | Aspire 5532     
Processor: AMD Athlon™ Processor TF-20 | Socket S1G1 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 4.012 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Nielsen WFP Driver
Device ID: ROOT\LEGACY_NNFWDK\0000
Manufacturer: 
Name: Nielsen WFP Driver
PNP Device ID: ROOT\LEGACY_NNFWDK\0000
Service: nnfwdk
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&AD203BD&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&AD203BD&0&01
Service: vwifimp
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer: 
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP451: 5/16/2013 8:52:15 PM - Installed The Sims 3
RP452: 5/16/2013 9:04:51 PM - Installed The Sims 3
.
==== Installed Programs ======================
.
µTorrent
Acer Arcade Deluxe
Acer Assist
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe CS4 American English Speech Analysis Models
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop Express Uploader
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.7)
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AdobeColorCommonSetRGB
Akamai NetSession Interface
Akamai NetSession Interface Service
ALPS Touch Pad Driver
AMD USB Filter Driver
Any Video Converter 3.3.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
avast! Free Antivirus
AviSynth 2.5
beginning
Bing Bar
Bing Desktop
BitTorrentBar Toolbar
Bonjour
CameraHelperMsi
Canon RAW Codec
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
D3DX10
DebugMode Wax 2.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 5: Boom
DivX Version Checker
EA Download Manager
eBay Worldwide
erLT
Facebook Video Calling 1.2.0.287
FlipShare
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
iCloud
Identity Card
iFunbox (v1.99.958.697), iFunbox DevTeam
Internet TV for Windows Media Center
iTunes
Java 7 Update 17 (64-bit)
Java 7 Update 21
Java Auto Updater
Java™ 6 Update 29
JavaFX 2.1.1
Junk Mail filter update
Launch Manager
Logitech Webcam Software
Logitech Webcam Software Driver Package
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2010
Microsoft Office on Demand Browser Add-ons
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MobileMe Control Panel
Mozilla Firefox (3.6b5)
Mozilla Firefox 9.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
Netflix in Windows Media Center
Nielsen
ooVoo
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PocketCloud Windows Companion
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
Service Pack 1 for SQL Server 2008 (KB968369)
Skype Click to Call
Skype™ 6.0
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Suite Shared Configuration CS4
Swag_Bucks Toolbar
swMSM
The Sims™ 3
TI-83 Plus Flash Debugger
TI Connect 1.6
TightVNC 2.0.4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Videora iPhone 4 Converter 6
Videora iPod touch Converter 5.04
Viper 1.5.00
VirtualCloneDrive
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Welcome Center
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Movie Maker 2.6
WinRAR 4.20 (64-bit)
World Of Goo [SteamDePowered]
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
5/20/2013 2:06:40 PM, Error: atikmdag [43029]  - Display is not active
5/20/2013 2:06:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
5/19/2013 8:39:08 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  nnfwdk
5/19/2013 8:38:04 PM, Error: Service Control Manager [7000]  - The SeaPort service failed to start due to the following error:  The system cannot find the file specified.
5/19/2013 8:37:58 PM, Error: Service Control Manager [7000]  - The LogMeIn Kernel Information Provider service failed to start due to the following error:  The system cannot find the path specified.
5/19/2013 8:37:45 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the FlipShare Service service to connect.
5/19/2013 8:37:45 PM, Error: Service Control Manager [7000]  - The FlipShare Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/19/2013 8:36:43 PM, Error: atikmdag [52236]  - CPLIB :: General - Invalid Parameter
5/19/2013 7:39:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
5/19/2013 7:38:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
5/19/2013 7:38:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
5/19/2013 7:37:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
5/19/2013 7:21:16 PM, Error: Service Control Manager [7022]  - The Wyse Remote Access service hung on starting.
5/19/2013 7:19:08 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
5/19/2013 7:16:32 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
5/19/2013 7:14:27 PM, Error: Service Control Manager [7022]  - The Windows Media Player Network Sharing Service service hung on starting.
5/19/2013 7:12:22 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
5/19/2013 7:12:22 PM, Error: Service Control Manager [7000]  - The Software Protection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/19/2013 7:08:40 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
5/19/2013 7:08:40 PM, Error: Service Control Manager [7000]  - The SQL Server (SQLEXPRESS) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/19/2013 6:31:18 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
5/19/2013 6:21:35 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
5/19/2013 6:21:35 PM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/19/2013 6:19:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Office Software Protection Platform service to connect.
5/19/2013 6:19:31 PM, Error: Service Control Manager [7000]  - The Office Software Protection Platform service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/19/2013 6:19:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
5/19/2013 6:18:57 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
5/19/2013 6:18:57 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/19/2013 6:18:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
5/19/2013 6:17:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/19/2013 6:16:57 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
5/19/2013 5:12:43 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
5/19/2013 4:36:45 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Acer ePower Service service to connect.
5/19/2013 4:36:45 PM, Error: Service Control Manager [7000]  - The Acer ePower Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/19/2013 4:21:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
5/19/2013 4:21:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
5/17/2013 10:27:17 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RpcSs service.
5/17/2013 10:22:10 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Updater Service service to connect.
5/17/2013 10:22:10 PM, Error: Service Control Manager [7000]  - The Updater Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/17/2013 10:18:48 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The pipe has been ended.
5/17/2013 10:18:48 PM, Error: Service Control Manager [7000]  - The Application Virtualization Client service failed to start due to the following error:  The pipe has been ended.
5/17/2013 10:18:46 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error:  A system shutdown is in progress.
5/17/2013 10:18:46 PM, Error: Service Control Manager [7000]  - The Windows Live ID Sign-in Assistant service failed to start due to the following error:  The pipe has been ended.
5/17/2013 10:18:45 PM, Error: Service Control Manager [7000]  - The TightVNC Server service failed to start due to the following error:  The pipe has been ended.
5/15/2013 6:56:18 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the FlipShare Server service to connect.
5/14/2013 3:07:40 PM, Error: Service Control Manager [7022]  - The Windows Modules Installer service hung on starting.
5/14/2013 3:07:40 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
5/14/2013 3:07:37 PM, Error: Service Control Manager [7022]  - The Function Discovery Provider Host service hung on starting.
5/14/2013 2:31:26 PM, Error: NetBT [4300]  - The driver could not be created.
5/14/2013 2:31:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
5/14/2013 2:30:43 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PolicyAgent service.
5/13/2013 5:16:13 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UMVPFSrv service.
5/13/2013 10:45:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service.
.
==== End Of File ===========================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,385 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:28 PM

Posted 20 May 2013 - 03:38 PM

Greetings,

Welcome and it is nice to meet you. Thanks for posting the information.

----------

One thing I would like to mention is that you have very little free hard drive space (3%). Generally speaking we would like to see at least 15% available. This alone can be the cause for some performance issues although clearly there are other issues we need to deal with.

C: is FIXED (NTFS) - 137 GiB total, 4.012 GiB free.

----------

 

Let's get right down to it, shall we?

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt

===================================================

Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.

  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running

Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:

  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • AdwCleaner log
  • Junkware log
  • Combofix log
  • How is your computer running - any difference?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 KDenning

KDenning
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 21 May 2013 - 05:23 PM

Ok so the first two scans went fine. Combofix was running well also until it had to restart my computer. When it restarted it said "Preparing logs" but nothing happened and my computer eventually shut off. My computer seems to be in the same state as before. Here are the logs for the first two scans.

 

 

# AdwCleaner v2.301 - Logfile created 05/20/2013 at 17:04:53
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Keith - KEITH-PC
# Boot Mode : Normal
# Running from : C:\Users\Keith\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\extensions\plugin@yontoo.com.xpi
File Deleted : C:\Windows\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\BitTorrentBar
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Client
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Keith\AppData\Local\Conduit
Folder Deleted : C:\Users\Keith\AppData\Local\PackageAware
Folder Deleted : C:\Users\Keith\AppData\Local\Swag_Bucks
Folder Deleted : C:\Users\Keith\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\Keith\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Keith\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Keith\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Keith\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\Conduit
Folder Deleted : C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\ConduitEngine
Folder Deleted : C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\CT2790392
Folder Deleted : C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Folder Deleted : C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\jetpack
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46065129-5C05-4BCD-A81E-DB5F94F10AFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Swag_Bucks
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{46065129-5C05-4BCD-A81E-DB5F94F10AFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E37EDCBB-D7E2-4062-AF68-B1ABA96DC281}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Swag_Bucks
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{46065129-5C05-4BCD-A81E-DB5F94F10AFB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E37EDCBB-D7E2-4062-AF68-B1ABA96DC281}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D298CA4-FA4E-46EB-884A-3F4DF4A0ADB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\S-1-5-21-2393778099-1793147535-3310906996-1002\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com?o=14196&l=dis --> hxxp://www.google.com
 
-\\ Mozilla Firefox v9.0 (en-US)
 
File : C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\prefs.js
 
Deleted : user_pref("CT2790392..clientLogIsEnabled", true);
Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2790392.CTID", "CT2790392");
Deleted : user_pref("CT2790392.CurrentServerDate", "1-9-2011");
Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Tue Mar 29 2011 13:46:05 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Tue Mar 29 2011 13:39:54 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 361);
Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Tue Mar 29 2011 13:39:54 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Tue Mar 29 2011 13:39:54 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Tue Mar 29 2011 13:39:55 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Tue Mar 29 2011 13:39:55 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Tue Mar 29 2011 13:39:55 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Tue Mar 29 2011 13:39:55 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Tue Mar 29 2011 13:39:55 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Tue Mar 29 2011 13:39:55 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Tue Mar 29 2011 13:39:56 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Tue Mar 29 2011 13:39:56 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Tue Mar 29 2011 13:39:56 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
Deleted : user_pref("CT2790392.FirstServerDate", "24-2-2011");
Deleted : user_pref("CT2790392.FirstTime", true);
Deleted : user_pref("CT2790392.FirstTimeFF3", true);
Deleted : user_pref("CT2790392.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
Deleted : user_pref("CT2790392.Initialize", true);
Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2790392.InstalledDate", "Wed Feb 23 2011 22:03:38 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2790392.IsGrouping", false);
Deleted : user_pref("CT2790392.IsMulticommunity", false);
Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
Deleted : user_pref("CT2790392.IsOpenUninstallPage", true);
Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Wed Aug 31 2011 20:46:33 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2790392.LastLogin_3.2.5.2", "Tue Mar 29 2011 13:39:54 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2790392.LastLogin_3.3.3.2", "Wed Aug 31 2011 20:46:33 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2790392.LatestVersion", "3.6.0.10");
Deleted : user_pref("CT2790392.Locale", "en");
Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279[...]
Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Wed Aug 31 2011 20:46:30 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2790392.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Wed Aug 31 2011 20:46:31 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Wed Aug 31 2011 20:46:30 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2790392.SettingsLastUpdate", "1312887586");
Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Sat Aug 27 2011 16:32:09 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
Deleted : user_pref("CT2790392.UserID", "UN10973096508136160");
Deleted : user_pref("CT2790392.WeatherNetwork", "");
Deleted : user_pref("CT2790392.WeatherPollDate", "Tue Mar 29 2011 13:39:56 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2790392.WeatherUnit", "C");
Deleted : user_pref("CT2790392.alertChannelId", "1182482");
Deleted : user_pref("CT2790392.components.1000034", false);
Deleted : user_pref("CT2790392.components.1000234", false);
Deleted : user_pref("CT2790392.components.129298377186544355", false);
Deleted : user_pref("CT2790392.components.129298377187638111", false);
Deleted : user_pref("CT2790392.components.129309565073350181", false);
Deleted : user_pref("CT2790392.components.129309577647413174", false);
Deleted : user_pref("CT2790392.components.129309578575850709", false);
Deleted : user_pref("CT2790392.components.129313977501788460", false);
Deleted : user_pref("CT2790392.components.129428949113825740", false);
Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Thu Sep 01 2011 00:46:33 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2790392.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2790392.myStuffEnabled", true);
Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2790392.oldAppsList", "129298377186075601,129298377186388102,1000234,129298377186544355[...]
Deleted : user_pref("CT2790392.testingCtid", "");
Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Wed Aug 31 2011 20:46:33 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Wed Feb 23 2011 22:03:38 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2790392.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2418376", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2418376",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63438653905850[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2790392&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2418376/CT2418376[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2790392/CT2790392[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2790392");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2790392");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2790392");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Mar 29 2011 13:46:06 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Apr 25 2011 14:28:45 GMT-0400 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 31 2011 20:46:29 GMT-0400 (Eastern D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "f74a9a02-47d7-47ca-ad9e-907d987f4416");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Mar 29 2011 13:39:54 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "74df8f59-bc32-4903-83fc-e50790a608de");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Aug 31 2011 20:46:34 GMT-0400 (Eastern Da[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/29/2011 20");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Feb 23 2011 22:03:33 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Aug 31 2011 20:46:33 GMT-0400 (Eastern Day[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Aug 31 2011 20:46:33 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Aug 31 2011 20:46:33 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("ConduitEngine.UserID", "UN54880838328163248");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Aug 31 2011 20:46:33 GMT-0400 (Easte[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Sep 01 2011 14:04:59 GMT-0400 (East[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("extentions.y2layers.installId", "cfb27323-3583-4e63-abf9-b758420bc1b9");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=");
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [27785 octets] - [20/05/2013 17:04:53]
 
########## EOF - C:\AdwCleaner[S1].txt - [27846 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Keith on Mon 05/20/2013 at 19:49:41.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFA04FC0-DAFD-4336-9348-3F904C8B1268}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\syswow64\sho1D1B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3122.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3AB8.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4207.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4A9.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho558B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5AB5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6A18.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6BB7.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho80AE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho847E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoABF1.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB006.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB766.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC562.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC67.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCECC.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD7E0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDFA0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF106.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF287.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF809.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Keith\AppData\Roaming\red kawa"
Successfully deleted: [Folder] "C:\Users\Keith\appdata\locallow\bittorrentbar"
Successfully deleted: [Folder] "C:\Users\Keith\appdata\locallow\conduit"
Failed to delete: [Folder] "C:\Program Files (x86)\red kawa"
Successfully deleted: [Empty Folder] C:\Users\Keith\appdata\local\{0704F6BE-9673-4944-A836-83A1B29DD5CB}
Successfully deleted: [Empty Folder] C:\Users\Keith\appdata\local\{0D358EC5-1458-4EE0-B9C7-2358D5123804}
Successfully deleted: [Empty Folder] C:\Users\Keith\appdata\local\{7D85FC42-5D32-4D00-86F6-64025DCD9D5F}
Successfully deleted: [Empty Folder] C:\Users\Keith\appdata\local\{91102376-F109-41EB-BBA7-75BA3E0A3F35}
Successfully deleted: [Empty Folder] C:\Users\Keith\appdata\local\{C6E25FA1-2A10-4BE8-8783-05ECD5B280D3}
Successfully deleted: [Empty Folder] C:\Users\Keith\appdata\local\{C72DB502-42ED-4059-8E51-99E14965EAF4}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/20/2013 at 20:03:55.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,385 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:28 PM

Posted 21 May 2013 - 05:56 PM

Greetings,

Let's see if Combofix deleted anything. Please do this.

===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 KDenning

KDenning
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 21 May 2013 - 09:36 PM

I looked for the Combofix log but it says that it does not exist. By the way you can call me by my first name, Keith :)



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,385 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:28 PM

Posted 21 May 2013 - 09:43 PM

Hi Keith,

Thanks for trying to hunt that down. Please attempt to rerun Combofix. We may find that if successful the log generated will show deletions from the previous run.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 KDenning

KDenning
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 22 May 2013 - 03:36 PM

Combofix worked this time. Here is the log:

 

 

ComboFix 13-05-22.01 - Keith 05/22/2013  14:18:32.2.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2812.1520 [GMT -4:00]
Running from: c:\users\Keith\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Keith\AppData\Local\Temp\_MEI41002\_ctypes.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\_elementtree.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\_hashlib.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\_multiprocessing.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\_socket.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\_ssl.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\pyexpat.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\pysqlite2._sqlite.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\python27.dll
c:\users\Keith\AppData\Local\Temp\_MEI41002\pythoncom27.dll
c:\users\Keith\AppData\Local\Temp\_MEI41002\PyWinTypes27.dll
c:\users\Keith\AppData\Local\Temp\_MEI41002\select.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\unicodedata.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32api.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32com.shell.shell.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32crypt.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32event.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32file.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32inet.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32pdh.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32process.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32profile.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32security.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\win32ts.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\windows._cacheinvalidation.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\wx._controls_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\wx._core_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\wx._gdi_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\wx._html2.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\wx._misc_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\wx._windows_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\wx._wizard.pyd
c:\users\Keith\AppData\Local\Temp\_MEI41002\wxbase294u_net_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI41002\wxbase294u_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI41002\wxmsw294u_adv_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI41002\wxmsw294u_core_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI41002\wxmsw294u_html_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI41002\wxmsw294u_webview_vc90.dll
.
---- Previous Run -------
.
c:\program files (x86)\netsight_setup_5.2.4.10_MP_Production_mid60531865643_p.exe
c:\users\Keith\AppData\Local\Temp\_MEI32163\_ctypes.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\_elementtree.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\_hashlib.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\_multiprocessing.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\_socket.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\_ssl.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\pyexpat.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\pysqlite2._sqlite.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\python27.dll
c:\users\Keith\AppData\Local\Temp\_MEI32163\pythoncom27.dll
c:\users\Keith\AppData\Local\Temp\_MEI32163\PyWinTypes27.dll
c:\users\Keith\AppData\Local\Temp\_MEI32163\select.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\unicodedata.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32api.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32com.shell.shell.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32crypt.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32event.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32file.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32inet.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32pdh.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32process.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32profile.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32security.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\win32ts.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\windows._cacheinvalidation.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\wx._controls_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\wx._core_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\wx._gdi_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\wx._html2.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\wx._misc_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\wx._windows_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\wx._wizard.pyd
c:\users\Keith\AppData\Local\Temp\_MEI32163\wxbase294u_net_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI32163\wxbase294u_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI32163\wxmsw294u_adv_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI32163\wxmsw294u_core_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI32163\wxmsw294u_html_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI32163\wxmsw294u_webview_vc90.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-22 to 2013-05-22  )))))))))))))))))))))))))))))))
.
.
2013-05-22 18:36 . 2013-05-22 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-20 23:49 . 2013-05-20 23:49 -------- d-----w- c:\windows\ERUNT
2013-05-20 23:49 . 2013-05-20 23:49 -------- d-----w- C:\JRT
2013-05-19 20:29 . 2013-05-19 20:29 -------- d-----w- c:\program files\iPod
2013-05-19 20:29 . 2013-05-19 20:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 20:29 . 2013-05-19 20:30 -------- d-----w- c:\program files\iTunes
2013-05-15 23:13 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:13 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:13 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 23:03 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 23:02 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 23:02 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 23:02 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 23:02 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 23:02 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 23:02 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 23:01 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 23:01 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 21:39 . 2013-05-15 21:39 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-05-15 21:34 . 2013-05-15 21:34 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-05-08 00:31 . 2013-03-26 21:59 92256 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-04-30 01:12 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-04-30 01:12 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-30 01:12 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-30 01:12 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-04-30 01:12 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-04-30 01:12 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-04-29 23:19 . 2013-04-29 23:19 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-29 19:41 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-29 19:41 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-29 19:41 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-29 19:41 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-29 19:41 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-29 19:41 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-29 19:41 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-29 18:17 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-29 18:17 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-27 21:11 . 2013-04-27 21:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-27 21:10 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 22:55 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 04:15 . 2009-12-12 17:11 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 20:15 . 2012-04-24 23:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 20:15 . 2011-09-03 17:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 18:41 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-14 02:20 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-14 02:20 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-03-16 18:21 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2011-06-08 22:12 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-06-08 22:11 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-06-08 22:11 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2011-06-08 22:12 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2011-06-08 22:11 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2011-06-08 22:11 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-06-08 22:11 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-13 05:49 . 2013-05-15 23:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 23:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 23:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 23:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 23:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 23:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 18:50 . 2010-04-04 22:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-19 06:04 . 2013-04-12 21:01 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-12 21:01 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-12 21:01 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-12 21:01 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-12 21:01 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-12 21:01 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-19 01:14 . 2013-03-19 01:14 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-19 01:13 . 2013-03-19 01:15 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-19 01:13 . 2013-03-19 01:14 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-19 01:13 . 2013-03-19 01:14 188320 ----a-w- c:\windows\system32\java.exe
2013-03-19 01:13 . 2013-03-19 01:15 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 01:13 . 2013-03-19 01:15 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 01:54 . 2013-03-13 01:54 558248 ----a-w- c:\users\Keith\AppData\Roaming\Microsoft\Office on Demand\office_en-us_.exe
2013-03-05 14:16 . 2012-06-12 20:14 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-05 14:16 . 2010-04-26 12:26 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-01 22:10 . 2012-08-01 22:08 4024320 ----a-w- c:\program files (x86)\GUTE5A1.tmp
2012-08-01 22:08 . 2012-08-01 22:08 4024320 ----a-w- c:\program files (x86)\GUTC008.tmp
2012-06-02 14:35 . 2012-06-07 02:20 78 ----a-w- c:\program files\update-gtasa.bat
2010-03-31 03:04 . 2010-03-31 02:41 1228240 ----a-w- c:\program files (x86)\ADBEPPROCS4_LS7.exe
2010-01-10 23:32 . 2010-01-10 23:32 4182178 ----a-w- c:\program files (x86)\Avisynth_258.exe
2008-10-24 00:12 . 2009-12-26 22:50 56105 ----a-w- c:\program files\Photoshop CS4.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-18 22:41 222808 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-18 22:41 222808 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-18 22:41 222808 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"Facebook Update"="c:\users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-01 138096]
"MusicManager"="c:\users\Keith\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-04-23 7331840]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"Akamai NetSession Interface"="c:\users\Keith\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"SkyDrive"="c:\users\Keith\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-03-18 256600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-28 1157128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2010-08-12 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2010-08-13 181480]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [x]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-11-05 191488]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-04-30 271640]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-26 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 WyseRemoteAccess;Wyse Remote Access;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [2012-11-05 1436160]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 20:15]
.
2013-05-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002Core.job
- c:\users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:08]
.
2013-05-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002UA.job
- c:\users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:08]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 18:58]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 18:58]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002Core.job
- c:\users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-29 13:43]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002UA.job
- c:\users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-29 13:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-18 22:42 261704 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-18 22:42 261704 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-18 22:42 261704 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2012-11-05 935312]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - c:\program files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - c:\program files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - c:\program files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-BingDesktop - c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - c:\program files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - c:\program files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - c:\program files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
HKLM-Run-AdobeAAMUpdater-1.0 - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
AddRemove-Age of Empires 2.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTALX.EXE
AddRemove-BFG-Diner Dash 5 - Boom - c:\program files (x86)\Diner Dash 5 - Boom\Uninstall.exe
AddRemove-EADM - c:\program files (x86)\Electronic Arts\EADM\EADMUI\EADMUninstall.exe
AddRemove-Microsoft Visual Basic 2008 Express Edition with SP1 - ENU - c:\program files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU\setup.exe
AddRemove-NetSight - c:\progra~2\NETRAT~1\NetSight\NSSetup.exe
AddRemove-Videora iPhone 4 Converter - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-Videora iPod touch Converter - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-Viper - c:\program files (x86)\Kerigwa\Viper Client\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Completion time: 2013-05-22  14:53:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-22 18:53
.
Pre-Run: 4,286,566,400 bytes free
Post-Run: 3,920,863,232 bytes free
.
- - End Of File - - 4E54C710EC62D7A8BB63CC14F926695D


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,385 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:28 PM

Posted 22 May 2013 - 04:35 PM

Greetings Keith,

Please do these things for me.

===================================================

Running Combofix Script

-------------------
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document
DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
  • Save this on your desktop as CFScript.txt

CFScriptB-4.gif

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.
===================================================

Unhide

--------------------
  • Please download Unhide to your desktop
  • Double click the icon
  • Once the program has completed a Windows alert will be displayed stating your files have been restored
  • Reboot your computer
  • If you are unable to launch programs and/or you still get the "The logon process was unable..." please run the program a second time
  • Please copy and paste the contents of the Unhide.txt document which will be created on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • Unhide log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 KDenning

KDenning
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 22 May 2013 - 10:21 PM

It seems like my computer is working again! Here are the logs:

 

 

ComboFix 13-05-22.01 - Keith 05/22/2013  21:14:48.3.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2812.1329 [GMT -4:00]
Running from: c:\users\Keith\Desktop\ComboFix.exe
Command switches used :: c:\users\Keith\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Keith\AppData\Local\Temp\_MEI51802\_ctypes.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\_elementtree.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\_hashlib.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\_multiprocessing.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\_socket.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\_ssl.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\pyexpat.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\pysqlite2._sqlite.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\python27.dll
c:\users\Keith\AppData\Local\Temp\_MEI51802\pythoncom27.dll
c:\users\Keith\AppData\Local\Temp\_MEI51802\PyWinTypes27.dll
c:\users\Keith\AppData\Local\Temp\_MEI51802\select.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\unicodedata.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32api.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32com.shell.shell.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32crypt.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32event.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32file.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32inet.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32pdh.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32process.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32profile.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32security.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\win32ts.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\windows._cacheinvalidation.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\wx._controls_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\wx._core_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\wx._gdi_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\wx._html2.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\wx._misc_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\wx._windows_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\wx._wizard.pyd
c:\users\Keith\AppData\Local\Temp\_MEI51802\wxbase294u_net_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI51802\wxbase294u_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI51802\wxmsw294u_adv_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI51802\wxmsw294u_core_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI51802\wxmsw294u_html_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI51802\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-23 to 2013-05-23  )))))))))))))))))))))))))))))))
.
.
2013-05-23 01:32 . 2013-05-23 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-20 23:49 . 2013-05-20 23:49 -------- d-----w- c:\windows\ERUNT
2013-05-20 23:49 . 2013-05-20 23:49 -------- d-----w- C:\JRT
2013-05-19 20:29 . 2013-05-19 20:29 -------- d-----w- c:\program files\iPod
2013-05-19 20:29 . 2013-05-19 20:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 20:29 . 2013-05-19 20:30 -------- d-----w- c:\program files\iTunes
2013-05-15 23:13 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:13 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:13 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 23:03 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 23:02 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 23:02 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 23:02 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 23:02 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 23:02 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 23:02 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 23:01 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 23:01 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 21:39 . 2013-05-15 21:39 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-05-15 21:34 . 2013-05-15 21:34 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-05-08 00:31 . 2013-03-26 21:59 92256 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-04-30 01:12 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-04-30 01:12 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-30 01:12 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-30 01:12 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-04-30 01:12 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-04-30 01:12 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-04-29 23:19 . 2013-04-29 23:19 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-29 19:41 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-29 19:41 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-29 19:41 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-29 19:41 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-29 19:41 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-29 19:41 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-29 19:41 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-29 18:17 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-29 18:17 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-27 21:11 . 2013-04-27 21:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-27 21:10 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 22:55 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 04:15 . 2009-12-12 17:11 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 20:15 . 2012-04-24 23:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 20:15 . 2011-09-03 17:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 18:41 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-14 02:20 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-14 02:20 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-03-16 18:21 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2011-06-08 22:12 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-06-08 22:11 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-06-08 22:11 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2011-06-08 22:12 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2011-06-08 22:11 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2011-06-08 22:11 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-06-08 22:11 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-13 05:49 . 2013-05-15 23:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 23:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 23:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 23:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 23:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 23:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 18:50 . 2010-04-04 22:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-19 06:04 . 2013-04-12 21:01 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-12 21:01 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-12 21:01 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-12 21:01 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-12 21:01 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-12 21:01 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-19 01:14 . 2013-03-19 01:14 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-19 01:13 . 2013-03-19 01:15 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-19 01:13 . 2013-03-19 01:14 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-19 01:13 . 2013-03-19 01:14 188320 ----a-w- c:\windows\system32\java.exe
2013-03-19 01:13 . 2013-03-19 01:15 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 01:13 . 2013-03-19 01:15 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 01:54 . 2013-03-13 01:54 558248 ----a-w- c:\users\Keith\AppData\Roaming\Microsoft\Office on Demand\office_en-us_.exe
2013-03-05 14:16 . 2012-06-12 20:14 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-05 14:16 . 2010-04-26 12:26 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-01 22:10 . 2012-08-01 22:08 4024320 ----a-w- c:\program files (x86)\GUTE5A1.tmp
2012-08-01 22:08 . 2012-08-01 22:08 4024320 ----a-w- c:\program files (x86)\GUTC008.tmp
2012-06-02 14:35 . 2012-06-07 02:20 78 ----a-w- c:\program files\update-gtasa.bat
2010-03-31 03:04 . 2010-03-31 02:41 1228240 ----a-w- c:\program files (x86)\ADBEPPROCS4_LS7.exe
2010-01-10 23:32 . 2010-01-10 23:32 4182178 ----a-w- c:\program files (x86)\Avisynth_258.exe
2008-10-24 00:12 . 2009-12-26 22:50 56105 ----a-w- c:\program files\Photoshop CS4.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-18 22:41 222808 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-18 22:41 222808 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-18 22:41 222808 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"Facebook Update"="c:\users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-01 138096]
"MusicManager"="c:\users\Keith\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-04-23 7331840]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"Akamai NetSession Interface"="c:\users\Keith\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"SkyDrive"="c:\users\Keith\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-03-18 256600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-28 1157128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2010-08-12 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2010-08-13 181480]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [x]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-04-30 271640]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-26 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-11-05 191488]
S2 WyseRemoteAccess;Wyse Remote Access;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [2012-11-05 1436160]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 20:15]
.
2013-05-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002Core.job
- c:\users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:08]
.
2013-05-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002UA.job
- c:\users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:08]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 18:58]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 18:58]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002Core.job
- c:\users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-29 13:43]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002UA.job
- c:\users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-29 13:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-18 22:42 261704 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-18 22:42 261704 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-18 22:42 261704 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [BU]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2012-11-05 935312]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [BU]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
AddRemove-Age of Empires 2.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTALX.EXE
AddRemove-BFG-Diner Dash 5 - Boom - c:\program files (x86)\Diner Dash 5 - Boom\Uninstall.exe
AddRemove-EADM - c:\program files (x86)\Electronic Arts\EADM\EADMUI\EADMUninstall.exe
AddRemove-Microsoft Visual Basic 2008 Express Edition with SP1 - ENU - c:\program files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU\setup.exe
AddRemove-NetSight - c:\progra~2\NETRAT~1\NetSight\NSSetup.exe
AddRemove-Videora iPhone 4 Converter - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-Videora iPod touch Converter - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-Viper - c:\program files (x86)\Kerigwa\Viper Client\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Completion time: 2013-05-22  21:56:28 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-23 01:56
ComboFix2.txt  2013-05-22 18:53
.
Pre-Run: 3,947,118,592 bytes free
Post-Run: 3,659,796,480 bytes free
.
- - End Of File - - 25E2D517775C2A6857CDAB2C17148591
 

 

 

Unhide by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
 
Program started at: 05/22/2013 10:01:12 PM
Windows Version: Windows 7
 
Please be patient while your files are made visible again.
 
Processing the C:\ drive
Finished processing the C:\ drive. 288981 files processed.
 
Processing the Q:\ drive
Finished processing the Q:\ drive. 0 files processed.
 
The C:\Users\Keith\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
 
Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
 
Program finished at: 05/22/2013 10:11:12 PM
Execution time: 0 hours(s), 9 minute(s), and 59 seconds(s)


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,385 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:28 PM

Posted 22 May 2013 - 11:14 PM

Hi Keith,

 

That is encouraging news.

 

I would like you to scan your computer with Combofix again and post the results please.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,385 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:28 PM

Posted 26 May 2013 - 08:27 AM

Hi Keith,

Are you still with me?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 KDenning

KDenning
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 26 May 2013 - 02:39 PM

Sorry it took me awhile to get back to you. Unfortunately, my computer's problem has not gone away. It took me many tries to get Combofix to run completely. Here is the log:

 

 

ComboFix 13-05-25.02 - Keith 05/26/2013  11:21:05.5.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2812.1380 [GMT -4:00]
Running from: c:\users\Keith\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Keith\AppData\Local\Temp\_MEI34442\_ctypes.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\_elementtree.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\_hashlib.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\_multiprocessing.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\_socket.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\_ssl.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\pyexpat.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\pysqlite2._sqlite.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\python27.dll
c:\users\Keith\AppData\Local\Temp\_MEI34442\pythoncom27.dll
c:\users\Keith\AppData\Local\Temp\_MEI34442\PyWinTypes27.dll
c:\users\Keith\AppData\Local\Temp\_MEI34442\select.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\unicodedata.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32api.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32com.shell.shell.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32crypt.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32event.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32file.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32inet.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32pdh.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32process.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32profile.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32security.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\win32ts.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\windows._cacheinvalidation.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\wx._controls_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\wx._core_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\wx._gdi_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\wx._html2.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\wx._misc_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\wx._windows_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\wx._wizard.pyd
c:\users\Keith\AppData\Local\Temp\_MEI34442\wxbase294u_net_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI34442\wxbase294u_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI34442\wxmsw294u_adv_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI34442\wxmsw294u_core_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI34442\wxmsw294u_html_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI34442\wxmsw294u_webview_vc90.dll
.
---- Previous Run -------
.
c:\users\Keith\AppData\Local\Temp\_MEI42362\_ctypes.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\_elementtree.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\_hashlib.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\_multiprocessing.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\_socket.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\_ssl.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\pyexpat.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\pysqlite2._sqlite.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\python27.dll
c:\users\Keith\AppData\Local\Temp\_MEI42362\pythoncom27.dll
c:\users\Keith\AppData\Local\Temp\_MEI42362\PyWinTypes27.dll
c:\users\Keith\AppData\Local\Temp\_MEI42362\select.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\unicodedata.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32api.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32com.shell.shell.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32crypt.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32event.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32file.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32inet.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32pdh.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32process.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32profile.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32security.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\win32ts.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\windows._cacheinvalidation.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\wx._controls_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\wx._core_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\wx._gdi_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\wx._html2.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\wx._misc_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\wx._windows_.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\wx._wizard.pyd
c:\users\Keith\AppData\Local\Temp\_MEI42362\wxbase294u_net_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI42362\wxbase294u_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI42362\wxmsw294u_adv_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI42362\wxmsw294u_core_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI42362\wxmsw294u_html_vc90.dll
c:\users\Keith\AppData\Local\Temp\_MEI42362\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-26 to 2013-05-26  )))))))))))))))))))))))))))))))
.
.
2013-05-26 15:39 . 2013-05-26 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-20 23:49 . 2013-05-20 23:49 -------- d-----w- c:\windows\ERUNT
2013-05-20 23:49 . 2013-05-20 23:49 -------- d-----w- C:\JRT
2013-05-19 20:29 . 2013-05-19 20:29 -------- d-----w- c:\program files\iPod
2013-05-19 20:29 . 2013-05-19 20:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 20:29 . 2013-05-19 20:30 -------- d-----w- c:\program files\iTunes
2013-05-15 23:13 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:13 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:13 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 23:03 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 23:02 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 23:02 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 23:02 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 23:02 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 23:02 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 23:02 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 23:01 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 23:01 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 21:39 . 2013-05-15 21:39 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2013-05-15 21:34 . 2013-05-15 21:34 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-05-08 00:31 . 2013-03-26 21:59 92256 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-04-30 01:12 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-04-30 01:12 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-30 01:12 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-30 01:12 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-04-30 01:12 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-04-30 01:12 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-04-29 23:19 . 2013-04-29 23:19 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-29 19:41 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-29 19:41 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-29 19:41 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-29 19:41 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-29 19:41 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-29 19:41 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-29 19:41 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-29 18:17 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-29 18:17 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-27 21:11 . 2013-04-27 21:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-27 21:10 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 04:15 . 2009-12-12 17:11 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 20:15 . 2012-04-24 23:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 20:15 . 2011-09-03 17:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 18:41 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-14 02:20 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-14 02:20 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-03-16 18:21 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2011-06-08 22:12 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-06-08 22:11 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-06-08 22:11 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2011-06-08 22:12 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2011-06-08 22:11 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2011-06-08 22:11 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-06-08 22:11 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-13 05:49 . 2013-05-15 23:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 23:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 23:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 23:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 23:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 23:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 22:55 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2010-04-04 22:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-19 06:04 . 2013-04-12 21:01 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-12 21:01 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-12 21:01 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-12 21:01 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-12 21:01 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-12 21:01 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-19 01:14 . 2013-03-19 01:14 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-19 01:13 . 2013-03-19 01:15 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-19 01:13 . 2013-03-19 01:14 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-19 01:13 . 2013-03-19 01:14 188320 ----a-w- c:\windows\system32\java.exe
2013-03-19 01:13 . 2013-03-19 01:15 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 01:13 . 2013-03-19 01:15 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 01:54 . 2013-03-13 01:54 558248 ----a-w- c:\users\Keith\AppData\Roaming\Microsoft\Office on Demand\office_en-us_.exe
2013-03-05 14:16 . 2012-06-12 20:14 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-05 14:16 . 2010-04-26 12:26 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-01 22:10 . 2012-08-01 22:08 4024320 ----a-w- c:\program files (x86)\GUTE5A1.tmp
2012-08-01 22:08 . 2012-08-01 22:08 4024320 ----a-w- c:\program files (x86)\GUTC008.tmp
2012-06-02 14:35 . 2012-06-07 02:20 78 ----a-w- c:\program files\update-gtasa.bat
2010-03-31 03:04 . 2010-03-31 02:41 1228240 ----a-w- c:\program files (x86)\ADBEPPROCS4_LS7.exe
2010-01-10 23:32 . 2010-01-10 23:32 4182178 ----a-w- c:\program files (x86)\Avisynth_258.exe
2008-10-24 00:12 . 2009-12-26 22:50 56105 ----a-w- c:\program files\Photoshop CS4.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-18 22:41 222808 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-18 22:41 222808 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-18 22:41 222808 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"Facebook Update"="c:\users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-01 138096]
"MusicManager"="c:\users\Keith\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-04-23 7331840]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"Akamai NetSession Interface"="c:\users\Keith\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"SkyDrive"="c:\users\Keith\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-03-18 256600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-28 1157128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2010-08-12 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2010-08-13 181480]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [x]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-04-30 271640]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-26 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-11-05 191488]
S2 WyseRemoteAccess;Wyse Remote Access;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [2012-11-05 1436160]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 20:15]
.
2013-05-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002Core.job
- c:\users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:08]
.
2013-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002UA.job
- c:\users\Keith\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-20 22:08]
.
2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 18:58]
.
2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-01 18:58]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002Core.job
- c:\users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-29 13:43]
.
2013-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2393778099-1793147535-3310906996-1002UA.job
- c:\users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-29 13:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-18 22:42 261704 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-18 22:42 261704 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-18 22:42 261704 ----a-w- c:\users\Keith\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [BU]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2012-11-05 935312]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [BU]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\7gjeukzk.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
AddRemove-Age of Empires 2.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTALX.EXE
AddRemove-BFG-Diner Dash 5 - Boom - c:\program files (x86)\Diner Dash 5 - Boom\Uninstall.exe
AddRemove-EADM - c:\program files (x86)\Electronic Arts\EADM\EADMUI\EADMUninstall.exe
AddRemove-Microsoft Visual Basic 2008 Express Edition with SP1 - ENU - c:\program files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU\setup.exe
AddRemove-NetSight - c:\progra~2\NETRAT~1\NetSight\NSSetup.exe
AddRemove-Videora iPhone 4 Converter - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-Videora iPod touch Converter - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-Viper - c:\program files (x86)\Kerigwa\Viper Client\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Completion time: 2013-05-26  13:48:15 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-26 17:48
ComboFix2.txt  2013-05-23 01:56
ComboFix3.txt  2013-05-22 18:53
.
Pre-Run: 5,120,602,112 bytes free
Post-Run: 5,099,020,288 bytes free
.
- - End Of File - - 6E3D01B26EFF447D1027780083DB6764


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,385 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:28 PM

Posted 26 May 2013 - 02:55 PM

Hi Keith,

I suspected that which is the reason I had you run Combofix again. I wanted to see if the same files showed up again, which they did.

Please run this for me.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

tdss1.png

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

tdss2.png

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

tdss4.png

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users