Constant Player Update Warnings (caught from sports website ads)


This topic is locked
30 replies to this topic

#1 baymyke

  • Members

Posted 28 May 2013 - 05:54 PM

Two weeks ago I really wanted to see a playoff hockey game so after some searching I found a site called firstrow1.eu.  Without thinking I started allowing it to update flash players etc in order to see the game.  I finally got a clear screen and was able to watch, but later that night I started thinking about what I'd done and started to panic after some further research.

 

Before actually seeing any symptoms, I disconnected from the internet and started removing sensitive files.  I could see some new programs had been installed when I carelessly clicked through the ads to get to the game.  First I tried restoring my system to a date before the hockey viewing, but the programs remained no matter how far back I went.  Then I disabled system restore and started running full scans with every program I could find to help including:

 

 

  • Microsoft Security Essentials
  • Trend Micro's House Call
  • ESET's Online Scanner
  • Microsoft Safety Scanner
  • McAfee Stinger
  • Malwarebytes' Anti-Malware
  • Superantispyware
  • Lavasoft AdAware
  • Safer Networking's Spybot Search & Destroy
  • Kaspersky Rescue Disk
  • F-Secure's Rescue CD
  • Windows Defender Offline (WDO)

 

 

 

The only ones that found anything were:

  • Superantispyware
  • Lavasoft AdAware
  • Safer Networking's Spybot Search & Destroy
  • ESET's Online Scanner

 

 

 

Mostly they found tracking cookies, but some found more critical threats like trojans and exe files.  All threats were deleted.  ESET found the following:

 

 

C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z  Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll  Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll  a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z  Win32/Bundled.Toolbar.Ask.B application  deleted - quarantined
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll  Win32/Bundled.Toolbar.Ask.B application  cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll  a variant of Win32/Adware.Yontoo.B application  cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ.exe  Win32/DomaIQ.E application  cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ10.exe  Win32/DomaIQ.E application  cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\DIQM\FlashPlayer_151\exes.zip  Win32/DomaIQ.E application  deleted - quarantined
C:\Users\Michael\AppData\Local\Temp\DIQM\FlashPlayer_151\setup__120.exe  a variant of Win32/Amonetize.D application  cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\DIQM\FlashPlayer_151\software\OptimizerPro.exe  a variant of Win32/SpeedingUpMyPC.B application  cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\Temp\DIQM\FlashPlayer_151\software\Yontoo.exe  multiple threats  cleaned by deleting - quarantined

 

 

Then Spybot found some root registry problems that I deleted.  It was at that point I started getting the constant update player warnings for the first time, with that weird looking Adobe-like icon, and a separate pop up window that says message from windows to update player. 

 

Now Superantispyware keeps finding the same two registry key problems, but they can't be deleted because they may be in use by memory?  So I'm at a loss what to do next.  Below is my DDS log, and I'm attaching the attach text file.  I will greatly appreciate any help you can provide.  Thank you!

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.19418  BrowserJavaVersion: 10.21.2
Run by Michael at 18:10:58 on 2013-05-28
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6134.4281 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Sing Along: {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files (x86)\SingAlong\singalng.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F42EED6D-5CEF-42E1-A8EA-0429370E0F9E} : DHCPNameServer = 75.75.76.76 75.75.75.75
LSA: Authentication Packages =  msv1_0 relog_ap
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-19 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-3-20 53488]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-3-21 88576]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-5-22 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-3-21 316544]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabUpdate;DefaultTabUpdate;"C:\Users\Michael\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" --> C:\Users\Michael\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [?]
S3 ncplelhp;NCP Secure Client NDIS6 Driver;C:\Windows\System32\drivers\ncplelhp.sys [2009-9-16 149800]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-22 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-05-22 21:50:21 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-05-22 21:50:21 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-05-20 22:13:33 0 ----a-w- C:\Windows\System32\snapapi.dll
2013-05-20 22:13:33 0 ----a-w- C:\Windows\System32\OLEPRO32.DLL
2013-05-20 22:13:33 0 ----a-w- C:\Windows\System32\MSVCR71.dll
2013-05-20 22:13:33 0 ----a-w- C:\Windows\System32\MSVCR100.dll
2013-05-20 22:13:33 0 ----a-w- C:\Windows\System32\MSVCP71.dll
2013-05-20 22:13:33 0 ----a-w- C:\Windows\System32\MSVCP100.dll
2013-05-20 22:13:33 0 ----a-w- C:\Windows\System32\acrotls.dll
2013-05-20 07:03:29 75016696 ----a-w- C:\Windows\System32\mrt.exe
2013-05-20 02:26:53 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-20 02:26:53 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-06 05:25:49 9333248 ----a-w- C:\Windows\System32\mshtml.dll
2013-05-06 05:24:20 6013440 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-05-05 20:18:05 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-05 19:58:35 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-03 19:57:46 72607752 ----a-w- C:\Windows\SysWow64\MRT.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-21 18:52:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-21 18:52:54 263584 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-04-21 18:52:54 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-04-21 18:52:54 174496 ----a-w- C:\Windows\SysWow64\java.exe
2013-04-21 18:52:53 866720 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-04-21 18:52:53 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-15 14:17:12 901496 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30 47104 ----a-w- C:\Windows\System32\cdd.dll
2013-04-09 01:55:57 2774016 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-04 11:37:01 1147392 ----a-w- C:\Windows\System32\wininet.dll
2013-04-04 11:36:44 1489408 ----a-w- C:\Windows\System32\urlmon.dll
2013-04-04 11:36:44 108032 ----a-w- C:\Windows\System32\url.dll
2013-04-04 11:35:09 243712 ----a-w- C:\Windows\System32\occache.dll
2013-04-04 11:33:26 1062912 ----a-w- C:\Windows\System32\mstime.dll
2013-04-04 11:33:00 98304 ----a-w- C:\Windows\System32\mshtmled.dll
2013-04-04 11:32:55 742912 ----a-w- C:\Windows\System32\msfeeds.dll
2013-04-04 11:32:55 71680 ----a-w- C:\Windows\System32\msfeedsbs.dll
2013-04-04 11:32:23 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2013-04-04 11:32:09 31744 ----a-w- C:\Windows\System32\jsproxy.dll
2013-04-04 11:32:02 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-04 11:31:49 219136 ----a-w- C:\Windows\System32\ieui.dll
2013-04-04 11:31:48 77312 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-04 11:31:48 2356736 ----a-w- C:\Windows\System32\iertutil.dll
2013-04-04 11:31:48 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-04 11:31:47 72192 ----a-w- C:\Windows\System32\iernonce.dll
2013-04-04 11:31:47 252416 ----a-w- C:\Windows\System32\iepeers.dll
2013-04-04 11:31:47 12508160 ----a-w- C:\Windows\System32\ieframe.dll
2013-04-04 11:31:43 459776 ----a-w- C:\Windows\System32\iedkcs32.dll
2013-04-04 10:10:30 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 10:10:07 1212928 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-04-04 10:10:07 105984 ----a-w- C:\Windows\SysWow64\url.dll
2013-04-04 10:09:47 479232 ----a-w- C:\Windows\System32\html.iec
2013-04-04 10:08:15 206848 ----a-w- C:\Windows\SysWow64\occache.dll
2013-04-04 10:06:20 611840 ----a-w- C:\Windows\SysWow64\mstime.dll
2013-04-04 10:05:44 67072 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-04-04 10:05:39 630272 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-04-04 10:05:39 55296 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2013-04-04 10:04:49 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-04-04 10:04:36 25600 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-04-04 10:04:24 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 10:04:07 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-04 10:04:07 2004992 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-04-04 10:04:07 164352 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-04-04 10:04:07 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-04 10:04:06 55808 ----a-w- C:\Windows\SysWow64\iernonce.dll
2013-04-04 10:04:06 184320 ----a-w- C:\Windows\SysWow64\iepeers.dll
2013-04-04 10:04:06 11111424 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-04-04 10:04:01 387584 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
2013-04-04 08:26:52 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-04 08:26:43 70656 ----a-w- C:\Windows\System32\ie4uinit.exe
2013-04-04 08:24:56 12288 ----a-w- C:\Windows\System32\msfeedssync.exe
2013-04-04 08:23:20 385024 ----a-w- C:\Windows\SysWow64\html.iec
2013-04-04 06:43:00 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 06:42:12 174080 ----a-w- C:\Windows\SysWow64\ie4uinit.exe
2013-04-04 06:40:06 13312 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-11 13:33:42 4691304 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-09 04:16:35 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-09 01:48:36 75264 ----a-w- C:\Windows\System32\smss.exe
2013-03-08 04:18:52 451072 ----a-w- C:\Windows\System32\winsrv.dll
2013-03-08 04:17:12 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2013-03-08 03:52:22 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-03-03 19:13:14 1513320 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 18:11:28.39 ===============
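As an added triage aid (not part of this thread, of DDS, or of any poster's own tools), the script below parses lines in the shape of the DDS "Pseudo HJT Report" and SERVICES / DRIVERS sections above and flags the load points a responder would look at first: BHOs or search hooks registered without a file path, services DDS could not resolve to a binary (the trailing [?]), and executables that run from a user profile, Temp or ProgramData rather than Program Files or the Windows directory. The sample lines are a constructed subset of the log above; the flagging rules are this example's own assumptions, not DDS heuristics.

```python
"""Triage helper for DDS "Pseudo HJT Report" and SERVICES/DRIVERS lines.

Added example for this thread; it is not part of DDS, OTL or any post.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines posted in the DDS log above.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
S2 DefaultTabUpdate;DefaultTabUpdate;"C:\Users\Michael\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" --> C:\Users\Michael\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
"""

# Line shapes DDS uses for the load points this script inspects.
CLSID_RE = re.compile(
    r'^(?P<kind>BHO|TB|[um]URLSearchHooks): (?:(?P<name>.+?): )?'
    r'(?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*(?P<path>.*)$')
RUN_RE = re.compile(r'^(?P<kind>(?:x64-)?[um]?Run): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
SVC_RE = re.compile(r'^(?P<kind>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.*)$')
# First drive-letter path ending in a binary extension, quoted or not.
FILE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cpl))', re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Return the executable path at the start of a Run/service command, or ''."""
    m = FILE_RE.match(cmd.strip())
    return m.group('path') if m else ''


def location_reasons(path: str) -> list:
    """Assumed rule: binaries under a user profile, Temp or ProgramData deserve a look."""
    low = path.lower()
    if '\\users\\' in low or '\\temp\\' in low:
        return ['runs from a user profile or Temp directory']
    if '\\programdata\\' in low:
        return ['runs from ProgramData (standard users can create files there; review)']
    return []


def audit(text: str) -> list:
    """Parse DDS-style lines and return the load points worth a closer look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CLSID_RE.match(line)
        if m:
            path = m.group('path').strip()
            reasons = []
            if not path or path == '<orphaned>':
                reasons.append('CLSID registered but no file path recorded')
            reasons += location_reasons(path)
            if reasons:
                findings.append(Finding(m.group('kind'), m.group('name') or m.group('clsid'), path, reasons))
            continue
        m = RUN_RE.match(line)
        if m:
            path = extract_path(m.group('cmd'))
            reasons = location_reasons(path) if path else ['no executable path could be parsed']
            if reasons:
                findings.append(Finding(m.group('kind'), m.group('name'), path, reasons))
            continue
        m = SVC_RE.match(line)
        if m:
            cmd = m.group('cmd').strip()
            path = extract_path(cmd)
            reasons = location_reasons(path)
            if cmd.endswith('[?]'):
                reasons.append('DDS could not locate the service binary ([?])')
            if reasons:
                findings.append(Finding(m.group('kind'), m.group('name'), path, reasons))
    return findings


def report(text: str) -> str:
    """Human-readable summary of audit() findings."""
    lines = []
    for f in audit(text):
        lines.append(f'{f.kind:>16} {f.name}: {f.path or "(no path)"}')
        for r in f.reasons:
            lines.append(f'{"":>18}- {r}')
    return '\n'.join(lines)


if __name__ == '__main__':
    print(report(SAMPLE_LOG))
```

Run against the full DDS log pasted in a post, the same rules single out the DownloadTerms and DefaultTab BHOs, the orphaned search hook and the DefaultTabUpdate service, while leaving the Adobe, RoboForm and Program Files entries alone.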

#2 m0le

  • Malware Response Team

Posted 31 May 2013 - 08:58 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 baymyke

  • Topic Starter

Posted 01 June 2013 - 07:46 AM

Hi M0le,

 

Very glad to hear from you.  I'm ready to get started right away.

 

Thanks!



#4 m0le

  • Malware Response Team

Posted 01 June 2013 - 07:27 PM

 

Now Superantispyware keeps finding the same two registry key problems but they can't be deleted because they may be in use by memory?

 

 

 

Can you post these two registry entries for me?


m0le is a proud member of UNITE

#5 baymyke

  • Topic Starter

Posted 01 June 2013 - 10:26 PM

Hi M0le,

 

I'm sorry, when I wrote my original post, I was trying to remember as much as I could from what I had done before.  Since my original post, I have done nothing more with my system.  After your last message, I went back and did a couple of scans (I didn't fix or delete any findings), and realized it wasn't Superantispyware that kept finding the two registry items, but rather it was Spybot Search and Destroy's full scan.  After running it again, here are the two threats it found:

 

Yontoo.Pagerage: [SBI $7EA79EE0] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}

Win32.Downloader.gen: [SBI $82F4FAFD]  Data (File, nothing done)
  C:\end
  Properties.size=0
  Properties.md5=D41D8CD98F00B204E9800998ECF8427E
  Properties.filedate=1368497395
  Properties.filedatetext=2013-05-13 22:09:55


 

I believe the Yontoo.Pagerage item is one of the same two I was seeing before, but the Win32.Downloader.gen item doesn't ring a bell.  As I recall, the other item it was finding before had a similar HKEY_CLASSES_ROOT prefix.  So perhaps the thing continues to evolve?  Certainly the continual 'update player' warning popups are still with me, but they occasionally change appearance or have a slightly different message.  Hope this helps.  I will not run anything else till I hear from you, and I will not try to fix these two items.

 

Thanks for your help!



#6 m0le

  • Malware Response Team

Posted 02 June 2013 - 06:28 PM

Yontoo is removed by most tools. Can I see your Malwarebytes Antimalware logs?


m0le is a proud member of UNITE

#7 baymyke

  • Topic Starter

Posted 02 June 2013 - 09:52 PM

Ok, I just ran a full Malwarebytes scan and it found nothing, as follows.  In the meantime the player update warnings continue and my computer is acting strangely.  I often can't open individual email messages without several tries, and other inexplicable odd behaviors have started to appear (like my reply to this message kept switching to italics without me doing anything, and I had a hard time switching it back).  As for the Yontoo finding, as I mentioned, Spybot was the only one to find it, and when I tried to "fix" it, it said it couldn't as it may be in use by memory.  Did you not see any other problems with my various logs?  I know you are trying.  Thanks again for your help.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.03.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19418
Michael :: HOME-PC [administrator]

6/2/2013 9:10:51 PM
mbam-log-2013-06-02 (21-10-51).txt

Scan type: Full scan (C:\|D:\|J:\|K:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466549
Time elapsed: 58 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#8 m0le

  • Malware Response Team

Posted 03 June 2013 - 07:06 PM

You're right, I can't see anything that says that these issues are malware. In fact, the symptoms you are experiencing are not usually malware-related.

 

Also this:

 

Before actually seeing any symptoms, I disconnected from the internet and started removing sensitive files

 

makes me worried about what you deleted.

 

If you are getting update requests for then reinstall the player and see if that stops the messages.

 

Can you remember which programs these updates were applied to?


m0le is a proud member of UNITE

#9 baymyke

  • Topic Starter

Posted 03 June 2013 - 08:16 PM

I just meant that I removed some personal Word and Excel documents that contained sensitive information.  Clearly these update player warnings are coming from one of those fake Adobe-like outfits.  As I explained, at least one of the malware cleaning programs I ran (Spybot) found problems that I posted for you, but it apparently can't clean them because they are somehow registry key related and possibly "in use by memory" and cannot be deleted.  If I'm not answering your questions please let me know.  I thought you guys had all sorts of your own diagnostic and cleaning tools to find and fix these types of problems.  I keep thinking you will be instructing me with some of those tools.  Your suggesting that I 'reinstall the player and see if that stops the messages' (based on the symptoms I've been describing to you) sounds irresponsible to me.  But perhaps I'm not explaining the problem as well as I think I am.  Please help me to help you.



#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:43 AM

Posted 03 June 2013 - 08:40 PM

I don't see how it is clear that the warning messages are coming from a fake Adobe-like outfit, so maybe that's why I'm not seeing the problem. Spybot, which is incidentally a very poor program nowadays, has found a registry entry, and maybe that is still running a file, so let's run OTL, which will initially scan but can then be used to remove things we want to remove.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • This is THE Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:

Edited by m0le, 03 June 2013 - 08:43 PM.

m0le is a proud member of UNITE
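The OTL report requested above is read by eye, but the first pass a responder makes over it is mechanical: what was created around the time the bogus "player update" was accepted, which registry entries point at files that no longer exist, and which autoruns or browser helpers load from the user's profile with no publisher. The script below is an added example for this thread, not OTL's own code and not anything the helpers here posted; it parses lines in the layout OTL uses (the timestamped "[date | size | attrs | C/M] -- path" entries and the HijackThis-style "O2"/"O4" lines) and applies those three heuristics. Every name, path, CLSID and timestamp in `SAMPLE_LOG` and `INCIDENT_TIME` is constructed for illustration.

```python
"""Triage helper for OTL-style scan report lines.

Added example for this thread; it is not OTL's code and not anything the
forum helpers posted.  The line formats are modelled on the report excerpts
quoted in the thread; every path, name, CLSID and timestamp in SAMPLE_LOG and
INCIDENT_TIME is constructed for illustration.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

# File/folder entries:  [date time | size | attrs | C-or-M] [(company) ]-- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# HijackThis-style "O" entries (BHOs, toolbars, Run keys, startup items)
OLINE_RE = re.compile(r"^O(?P<num>\d+)(?::64bit:)? - (?P<body>.+)$")
# Anything living under a user's AppData tree
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

REASON_WINDOW = "created in incident window"
REASON_ORPHAN = "orphaned entry, target file missing"
REASON_NOPUB = "autorun/BHO from user profile without publisher"


def triage(log_text, incident_time, window=timedelta(hours=2)):
    """Return (reason, item) pairs for lines that deserve a second look.

    Three cheap heuristics a responder applies by eye when reading an OTL log:
      * folders/files *created* within `window` of the time the user accepted
        the bogus "player update" (the C flag; M means merely modified);
      * registry entries whose target file is gone ("File not found"), i.e.
        leftovers of something deleted or half-removed;
      * autoruns/BHOs loading from the user's AppData tree with an empty
        company field "()", which is where drive-by installers tend to land.
    A hit is a lead, not a verdict; legitimate software trips these too.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
            if m.group("kind") == "C" and abs(ts - incident_time) <= window:
                findings.append((REASON_WINDOW, m.group("path")))
            continue
        m = OLINE_RE.match(line)
        if m:
            body = m.group("body")
            if body.endswith("File not found"):
                findings.append((REASON_ORPHAN, line))
            elif USER_PROFILE_RE.search(body) and body.endswith("()"):
                findings.append((REASON_NOPUB, line))
    return findings


def count_by_reason(log_text, incident_time, window=timedelta(hours=2)):
    """Summarise triage() output as {reason: count}."""
    return dict(Counter(reason for reason, _ in triage(log_text, incident_time, window)))


# Constructed sample in OTL's report layout (names and paths are placeholders).
SAMPLE_LOG = r"""
[2013/05/13 22:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExampleDownloader
[2013/05/13 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Roaming\player
[2013/04/01 09:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OldApplication
[2013/05/13 22:09:55 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
O2 - BHO: (ExampleTerms) - {00000000-0000-0000-0000-000000000001} - C:\Users\Example\AppData\Local\ExampleTerms\temp.dat File not found
O2 - BHO: (Vendor Helper) - {00000000-0000-0000-0000-000000000002} - C:\Program Files (x86)\Vendor\helper.dll (Vendor Inc.)
O4 - HKLM..\Run: [ExampleUpdater] C:\Users\Example\AppData\Roaming\ExampleUpdater\upd.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
"""
# Constructed: the moment the user clicked through the fake "update" prompt.
INCIDENT_TIME = datetime(2013, 5, 13, 22, 0, 0)

if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG, INCIDENT_TIME):
        print(f"{reason:48} {item}")
```

Run it against a pasted OTL.Txt by replacing `SAMPLE_LOG` with the file contents and `INCIDENT_TIME` with the time the prompt was accepted; on the sample it flags the two folders created minutes after the incident, the BHO whose file is gone, and the unsigned Run entry under AppData, and leaves the older folder, the modified-only file and the Microsoft entry alone. The window defaults to two hours because drive-by bundles install in a burst; widen it if the user is unsure of the time.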

#11 baymyke

baymyke
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:43 PM

Posted 03 June 2013 - 10:10 PM

Thanks for the quick response.  You're right, I'm sure it's not clear when you can't see my computer.  I tried to post a screenshot early on, of one of the warnings, but your site said that kind of attachment was not allowed.  Here's a copy of the URL for one of the warnings, in case that helps:

 

I ran OTL and am posting the two reports below.  I skimmed them myself, but of course I'm not qualified to interpret them.  I will say the following entries looked questionable to me, but don't let that influence your review.  I'm sure I don't know what's most important.

 

[2013/05/13 22:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2013/05/13 22:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xVidly
[2013/05/13 22:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/05/13 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\player
[2013/05/13 21:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/05/13 21:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

 

[2013/05/13 22:10:19 | 000,000,902 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\xVidly.lnk
[2013/05/13 22:09:55 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/05/13 22:09:55 | 000,000,000 | ---- | M] () -- C:\end
[2013/05/13 21:59:58 | 000,757,486 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 

[2013/05/13 22:10:19 | 000,000,902 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\xVidly.lnk
[2013/05/13 22:09:55 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/05/13 22:09:50 | 000,000,000 | ---- | C] () -- C:\end
[2013/05/13 21:57:09 | 000,000,258 | RHS- | C] () -- C:\Users\Michael\ntuser.pol
 

 

At any rate, here is the OTL.Txt Rpt:

 

OTL logfile created on: 6/3/2013 10:13:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19418)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 3.97 Gb Available Physical Memory | 66.33% Memory free
12.21 Gb Paging File | 9.84 Gb Available in Paging File | 80.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 507.03 Gb Free Space | 87.25% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.68 Gb Free Space | 51.23% Space Free | Partition Type: NTFS
Drive J: | 48.83 Gb Total Space | 13.81 Gb Free Space | 28.29% Space Free | Partition Type: NTFS
Drive K: | 439.45 Gb Total Space | 405.91 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
Drive L: | 443.10 Gb Total Space | 314.94 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/03 22:12:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2013/05/19 22:26:53 | 000,813,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/03/18 03:25:44 | 018,828,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/01/31 11:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/03/14 05:49:48 | 014,057,569 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
PRC - [2012/03/14 05:48:58 | 003,051,619 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
PRC - [2012/01/23 00:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/06/12 21:27:43 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/12/21 08:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2010/12/21 08:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/12/21 08:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008/04/09 20:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/04/09 20:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/04/09 20:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/03 18:25:32 | 000,098,415 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
MOD - [2013/06/03 18:25:31 | 000,032,881 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\b6bd87c968599725b8ab2e5c25d3046a\API.dll
MOD - [2013/06/03 18:25:29 | 000,061,547 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\bc147d83c7c868eeee67082dcf55430c\File.dll
MOD - [2013/06/03 18:25:28 | 000,017,920 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
MOD - [2013/06/03 18:25:18 | 004,547,584 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll
MOD - [2013/06/03 18:25:18 | 000,020,587 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\c668a322917d32a5ea22894518aa9897\Base64.dll
MOD - [2013/06/03 18:25:17 | 000,608,256 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
MOD - [2013/06/03 18:25:17 | 000,361,472 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
MOD - [2013/06/03 18:25:17 | 000,110,705 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\7f2598c08178217a0e2c754f3d568f28\Byte.dll
MOD - [2013/06/03 18:25:17 | 000,061,546 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
MOD - [2013/06/03 18:25:17 | 000,032,878 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
MOD - [2013/06/03 18:25:17 | 000,030,208 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
MOD - [2013/06/03 18:25:17 | 000,024,701 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
MOD - [2013/06/03 18:25:17 | 000,024,695 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
MOD - [2013/06/03 18:25:17 | 000,024,679 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
MOD - [2013/06/03 18:25:17 | 000,024,670 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
MOD - [2013/06/03 18:25:17 | 000,020,596 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\3b7106dd14676048b10bbb09a990f74c\XS.dll
MOD - [2013/06/03 18:25:17 | 000,020,596 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
MOD - [2013/06/03 18:25:16 | 000,184,414 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\bd5179a413bc0c4b82eedc22c6cab101\re.dll
MOD - [2013/06/03 18:25:16 | 000,182,272 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\d0bf009923f29116535c26d228271d6d\Scan.dll
MOD - [2013/06/03 18:25:16 | 000,138,752 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\44727051c604ef6b79894b64d4c63832\Expat.dll
MOD - [2013/06/03 18:25:16 | 000,118,918 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
MOD - [2013/06/03 18:25:16 | 000,094,334 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\eb138ef0e4282611dbf485a302784646\LibYAML.dll
MOD - [2013/06/03 18:25:16 | 000,090,213 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
MOD - [2013/06/03 18:25:16 | 000,082,048 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
MOD - [2013/06/03 18:25:16 | 000,082,033 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
MOD - [2013/06/03 18:25:16 | 000,077,824 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\7f177c338672436e01c4f0bdbcf94491\EV.dll
MOD - [2013/06/03 18:25:16 | 000,061,540 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\e56c61f7248672819579325af3387035\POSIX.dll
MOD - [2013/06/03 18:25:16 | 000,053,340 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
MOD - [2013/06/03 18:25:16 | 000,041,080 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
MOD - [2013/06/03 18:25:16 | 000,036,964 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\f233f63b6654362865c7577442edb9e3\Win32.dll
MOD - [2013/06/03 18:25:16 | 000,030,720 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
MOD - [2013/06/03 18:25:16 | 000,028,779 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
MOD - [2013/06/03 18:25:16 | 000,028,774 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
MOD - [2013/06/03 18:25:16 | 000,024,694 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\c344fd5536724b2af2e6453833b60203\SHA1.dll
MOD - [2013/06/03 18:25:16 | 000,024,681 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
MOD - [2013/06/03 18:25:16 | 000,024,679 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
MOD - [2013/06/03 18:25:16 | 000,024,676 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
MOD - [2013/06/03 18:25:16 | 000,024,672 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\17d0b152e63e6bfe81b4b19588538896\mro.dll
MOD - [2013/06/03 18:25:16 | 000,020,601 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\4461f48e31bde5c56b31b973b773de09\List.dll
MOD - [2013/06/03 18:25:16 | 000,020,592 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\b979ace6da01e63d651cce9ee2474fdc\Name.dll
MOD - [2013/06/03 18:25:16 | 000,020,590 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
MOD - [2013/06/03 18:25:16 | 000,020,590 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
MOD - [2013/06/03 18:25:16 | 000,020,576 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
MOD - [2013/06/03 18:25:15 | 000,001,024 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-5016\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
MOD - [2013/06/03 18:24:41 | 000,024,701 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\93e7e3d6030f426844228042348210cf\Service.dll
MOD - [2013/06/03 18:24:40 | 000,184,414 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\bd5179a413bc0c4b82eedc22c6cab101\re.dll
MOD - [2013/06/03 18:24:40 | 000,118,918 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
MOD - [2013/06/03 18:24:40 | 000,094,334 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\eb138ef0e4282611dbf485a302784646\LibYAML.dll
MOD - [2013/06/03 18:24:40 | 000,082,048 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
MOD - [2013/06/03 18:24:40 | 000,082,033 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
MOD - [2013/06/03 18:24:40 | 000,061,540 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\e56c61f7248672819579325af3387035\POSIX.dll
MOD - [2013/06/03 18:24:40 | 000,053,340 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
MOD - [2013/06/03 18:24:40 | 000,036,964 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\f233f63b6654362865c7577442edb9e3\Win32.dll
MOD - [2013/06/03 18:24:40 | 000,024,676 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
MOD - [2013/06/03 18:24:40 | 000,020,601 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\4461f48e31bde5c56b31b973b773de09\List.dll
MOD - [2013/06/03 18:24:40 | 000,020,590 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
MOD - [2013/06/03 18:24:40 | 000,020,576 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
MOD - [2013/06/03 18:24:39 | 000,032,878 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
MOD - [2013/06/03 18:24:39 | 000,028,779 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
MOD - [2013/06/03 18:24:39 | 000,024,701 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
MOD - [2013/06/03 18:24:39 | 000,024,679 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
MOD - [2013/06/03 18:24:02 | 000,028,774 | R--- | M] () -- C:\Users\Michael\AppData\Local\Temp\pdk-Michael-3668\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/09 18:46:56 | 001,328,408 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/07 18:37:15 | 000,143,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/12/22 03:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/10/17 06:24:26 | 000,905,216 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/19 22:26:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/12/21 08:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 08:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 20:15:00 | 000,605,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/22 17:50:21 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/22 15:24:30 | 000,149,800 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ncplelhp.sys -- (ncplelhp)
DRV:64bit: - [2009/06/23 21:20:26 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/06/23 21:20:25 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/06/23 21:19:52 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2009/06/23 21:19:49 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2008/12/22 03:37:14 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/10/17 06:24:30 | 004,709,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008/10/17 06:24:30 | 004,709,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/09/28 08:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2008/09/28 04:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/23 16:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 5F 47 B9 FB 54 CE 01  [binary data]
IE - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found
IE - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\singalong@xenophesoft.com: C:\Program Files (x86)\SingAlong\FF\ [2013/05/22 21:52:51 | 000,000,000 | ---D | M]
 
[2009/09/04 21:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2009/09/04 21:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Michael\AppData\Local\DownloadTerms\temp.dat File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Sing Along) - {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files (x86)\SingAlong\singalng.dll (Xenophesoft)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Michael\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1578236593-3675630618-1148527252-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F42EED6D-5CEF-42E1-A8EA-0429370E0F9E}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{320b957e-b687-11df-abe5-0024e800e485}\Shell - "" = AutoRun
O33 - MountPoints2\{320b957e-b687-11df-abe5-0024e800e485}\Shell\AutoRun\command - "" = M:\Autorun_CCD.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/03 22:11:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013/05/28 18:07:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\dds.com
[2013/05/27 21:29:23 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2013/05/27 16:53:28 | 000,829,928 | ---- | C] (Microsoft Corporation) -- C:\Users\Michael\Desktop\mssstool64.exe
[2013/05/23 12:04:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Dad's Internet Security Articles
[2013/05/22 21:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/22 21:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/05/22 21:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/22 21:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/05/22 21:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/05/22 21:52:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DefaultTab
[2013/05/22 21:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SingAlong
[2013/05/22 17:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/05/22 17:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/05/22 17:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/05/22 17:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/05/22 17:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/22 17:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/05/22 17:51:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\adawarebp
[2013/05/22 17:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/05/22 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013/05/22 17:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/05/21 22:26:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Music for R's Ipod
[2013/05/21 17:41:44 | 084,370,192 | ---- | C] (Microsoft Corporation) -- C:\Users\Michael\Desktop\msert.exe
[2013/05/21 07:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/05/20 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Album Art
[2013/05/20 17:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/20 17:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/20 17:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/20 17:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/05/20 17:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/05/19 21:51:40 | 000,742,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/19 21:51:40 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/19 21:51:39 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/19 21:51:39 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/19 21:51:39 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/19 21:51:39 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/19 21:51:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/19 21:51:39 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/19 21:51:39 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/19 21:51:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/19 21:51:38 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/19 21:51:38 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/19 21:51:38 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/19 21:51:38 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/19 21:51:37 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/19 21:51:37 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/19 21:51:37 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/19 21:51:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/19 21:51:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/19 21:51:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/19 21:51:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/19 21:51:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/19 21:51:36 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013/05/19 21:51:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/19 21:51:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/19 21:51:36 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/19 21:51:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/19 21:51:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/19 21:51:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/05/19 21:51:35 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/19 21:43:07 | 001,761,408 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Michael\Desktop\rkill.com
[2013/05/19 21:42:26 | 072,607,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/05/19 20:26:36 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013/05/19 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/05/19 20:26:19 | 012,335,648 | ---- | C] (McAfee Inc) -- C:\Users\Michael\Desktop\stinger64.exe
[2013/05/19 20:26:07 | 002,467,424 | ---- | C] (Trend Micro Inc.) -- C:\Users\Michael\Desktop\HousecallLauncher64.exe
[2013/05/19 20:21:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\LavasoftStatistics
[2013/05/19 20:20:49 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/05/19 20:20:49 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/19 20:20:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Ad-Aware Antivirus
[2013/05/19 18:48:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2013/05/19 18:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/19 18:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/19 18:47:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/19 18:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/19 17:13:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
[2013/05/19 17:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/05/19 17:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/05/19 17:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/05/14 21:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/05/13 22:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2013/05/13 22:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xVidly
[2013/05/13 22:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/05/13 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\player
[2013/05/13 21:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/05/13 21:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/03 22:14:59 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5ED2C4C1-5912-4640-8771-3EB9951A5E01}.job
[2013/06/03 22:12:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2013/06/03 21:44:48 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013/06/03 21:26:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/03 20:28:17 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{18C9B602-8654-44B5-BE13-8795F8CA28BC}.job
[2013/06/03 20:22:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 20:22:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 18:23:38 | 000,001,781 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/06/03 18:22:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 18:22:38 | 2138,234,879 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/01 10:40:48 | 000,706,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/01 10:40:48 | 000,606,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/01 10:40:48 | 000,105,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/28 18:08:03 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\dds.com
[2013/05/28 18:05:33 | 000,002,675 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/05/27 16:53:39 | 000,829,928 | ---- | M] (Microsoft Corporation) -- C:\Users\Michael\Desktop\mssstool64.exe
[2013/05/23 19:12:12 | 147,156,992 | ---- | M] () -- C:\Users\Michael\Desktop\rescue-cd-3.16-52606.iso
[2013/05/23 19:08:31 | 000,038,058 | ---- | M] () -- C:\Users\Michael\Desktop\rescue_cd_user_guide.20120606.pdf
[2013/05/23 10:40:19 | 000,002,633 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2013/05/22 21:54:44 | 000,001,099 | ---- | M] () -- C:\Users\Michael\Desktop\Spybot - Search & Destroy.lnk
[2013/05/22 21:53:05 | 000,000,258 | RHS- | M] () -- C:\Users\Michael\ntuser.pol
[2013/05/22 17:50:21 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/05/22 17:50:21 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/05/22 07:04:45 | 000,000,712 | RH-- | M] () -- C:\Users\Michael\Desktop\Stinger.opt
[2013/05/21 23:29:13 | 000,000,635 | ---- | M] () -- C:\Users\Michael\Desktop\Stinger_21052013_214551.html
[2013/05/21 21:35:50 | 000,469,668 | ---- | M] () -- C:\Users\Michael\Desktop\runtime.dat
[2013/05/21 21:35:36 | 012,335,648 | ---- | M] (McAfee Inc) -- C:\Users\Michael\Desktop\stinger64.exe
[2013/05/21 17:41:44 | 084,370,192 | ---- | M] (Microsoft Corporation) -- C:\Users\Michael\Desktop\msert.exe
[2013/05/21 05:21:15 | 052,121,299 | ---- | M] () -- C:\Users\Michael\AppData\Local\census.cache
[2013/05/21 03:24:41 | 000,230,274 | ---- | M] () -- C:\Users\Michael\AppData\Local\ars.cache
[2013/05/20 18:13:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\snapapi.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\OLEPRO32.DLL
[2013/05/20 18:13:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVCR71.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVCR100.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVCP71.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVCP100.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\acrotls.dll
[2013/05/20 17:54:14 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/20 07:50:47 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/05/20 03:24:30 | 000,283,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/19 22:26:53 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/19 22:26:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/19 21:41:22 | 000,000,036 | ---- | M] () -- C:\Users\Michael\AppData\Local\housecall.guid.cache
[2013/05/19 21:34:38 | 000,000,633 | ---- | M] () -- C:\Users\Michael\Desktop\Stinger_19052013_202636.html
[2013/05/19 18:47:42 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/19 17:13:05 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/05/17 16:57:34 | 001,761,408 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Michael\Desktop\rkill.com
[2013/05/17 16:41:02 | 002,467,424 | ---- | M] (Trend Micro Inc.) -- C:\Users\Michael\Desktop\HousecallLauncher64.exe
[2013/05/13 22:10:19 | 000,000,902 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\xVidly.lnk
[2013/05/13 22:09:55 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/05/13 22:09:55 | 000,000,000 | ---- | M] () -- C:\end
[2013/05/13 21:59:58 | 000,757,486 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/11 18:23:27 | 071,398,857 | ---- | M] () -- C:\Users\Michael\Desktop\BDX4300_5300_FW_V118.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/23 19:12:12 | 147,156,992 | ---- | C] () -- C:\Users\Michael\Desktop\rescue-cd-3.16-52606.iso
[2013/05/23 19:08:31 | 000,038,058 | ---- | C] () -- C:\Users\Michael\Desktop\rescue_cd_user_guide.20120606.pdf
[2013/05/22 21:54:44 | 000,001,099 | ---- | C] () -- C:\Users\Michael\Desktop\Spybot - Search & Destroy.lnk
[2013/05/22 21:52:52 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job
[2013/05/22 17:51:50 | 000,001,781 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/05/21 21:45:51 | 000,000,635 | ---- | C] () -- C:\Users\Michael\Desktop\Stinger_21052013_214551.html
[2013/05/21 05:21:15 | 052,121,299 | ---- | C] () -- C:\Users\Michael\AppData\Local\census.cache
[2013/05/21 03:24:41 | 000,230,274 | ---- | C] () -- C:\Users\Michael\AppData\Local\ars.cache
[2013/05/20 18:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\snapapi.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OLEPRO32.DLL
[2013/05/20 18:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVCR71.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVCR100.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVCP71.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVCP100.dll
[2013/05/20 18:13:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\acrotls.dll
[2013/05/20 17:54:14 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/19 21:41:22 | 000,000,036 | ---- | C] () -- C:\Users\Michael\AppData\Local\housecall.guid.cache
[2013/05/19 21:39:40 | 000,000,712 | RH-- | C] () -- C:\Users\Michael\Desktop\Stinger.opt
[2013/05/19 20:26:36 | 000,000,633 | ---- | C] () -- C:\Users\Michael\Desktop\Stinger_19052013_202636.html
[2013/05/19 20:26:27 | 000,469,668 | ---- | C] () -- C:\Users\Michael\Desktop\runtime.dat
[2013/05/19 18:47:42 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/19 17:13:05 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/05/13 22:10:19 | 000,000,902 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\xVidly.lnk
[2013/05/13 22:09:55 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/05/13 22:09:50 | 000,000,000 | ---- | C] () -- C:\end
[2013/05/13 21:57:09 | 000,000,258 | RHS- | C] () -- C:\Users\Michael\ntuser.pol
[2013/05/11 18:23:26 | 071,398,857 | ---- | C] () -- C:\Users\Michael\Desktop\BDX4300_5300_FW_V118.zip
[2012/02/05 15:48:57 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2010/04/11 13:18:23 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2010/01/03 14:38:25 | 000,031,744 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

And here is the Extras.Txt Report:

OTL Extras logfile created on: 6/3/2013 10:13:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19418)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 3.97 Gb Available Physical Memory | 66.33% Memory free
12.21 Gb Paging File | 9.84 Gb Available in Paging File | 80.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 507.03 Gb Free Space | 87.25% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.68 Gb Free Space | 51.23% Space Free | Partition Type: NTFS
Drive J: | 48.83 Gb Total Space | 13.81 Gb Free Space | 28.29% Space Free | Partition Type: NTFS
Drive K: | 439.45 Gb Total Space | 405.91 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
Drive L: | 443.10 Gb Total Space | 314.94 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 2E E4 05 B1 B6 F3 C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E75C71-A128-48F6-B9EB-67231FB57641}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AE0AF75-6C3E-420F-A58C-8C1213AEDC91}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
"{30738E8A-A446-42C5-AD84-992798014941}" = lport=2869 | protocol=6 | dir=in | app=system |
"{324CDA15-0276-4853-916F-5D26EE99FBE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57E27A1A-17BD-4D38-891E-0AF28A4855CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{6BF9A629-7F41-44F8-8F0F-6CEDCE02B2A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C794DE9-3805-4389-88E9-B5904FEEAD87}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8A1144A8-EC45-4CD3-88F6-E7A1CCAC70BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8AF23A72-5D3F-4344-B35B-348E5AF9F1C7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{C00E4020-76F6-4DD6-B9AE-78EBB9081E85}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{D531D283-175C-455B-8B17-7EAAA7094213}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{D8B21650-26AE-4D2E-8AFF-573D7C9A78D0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1DDE066-EC7A-4250-ADF4-3966F3B1C4F4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF3387FA-14D4-4B95-8A67-6B15D7905534}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043760D3-C79E-498A-95B9-5B440139CC52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B2BAB7D-7555-4542-86A3-1026F9E9D203}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12C4C9C3-A563-4EDC-B5E9-6059D258552A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{159F1EEF-CA9F-4CF7-B7EB-054221CAD7D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{24A81074-CAFE-4480-887C-690FD439C791}" = protocol=6 | dir=out | app=system |
"{26A3E4AA-F3D9-45B1-9C34-B88FFC94E703}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2A71C36E-2396-4942-AC37-B3FC2E2879AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D9D972D-CB07-4D2A-8B33-63E39BFCD600}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E6C0F5D-8CD5-4F32-8B30-976D6E1B226A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{436C5171-E5B4-47EA-9496-678AF26544E0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4F73FF49-7B2B-40CC-8B0C-3A3700981A08}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58A132D0-071E-460E-8378-F059F72348D5}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
"{5A625CAC-E7F7-4DCE-BD4F-6DA3B43A2BDB}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
"{781DD8EE-474B-47D9-B845-18EB06C30EBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7951790F-50C5-4067-ADC8-645326080C02}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{79BC7C51-ED23-44A2-8014-3DE0A767BAE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89579F4E-F64A-4201-8E36-526E84372BE4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F67CEF0-165F-40CD-904E-914A78962601}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A1691784-E1F4-481B-9000-64816323B59D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5212457-B2D8-4C5F-9037-355BA21476A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B20ED642-70B6-4C14-9B25-C02836F9581F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3DEF6C3-67F4-4633-94D1-CBB3FA904DB2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3327211-A104-4E2F-B232-39B5D6B8058E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C377D3C9-3772-4D5C-9671-21AB094CD7D6}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{C96F7227-4DEF-4610-BC79-227A3D5EDD15}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D8F547D5-CFEB-4E49-8279-E1E15F3C3AA8}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
"{D99E0634-80CC-4B57-B4D8-E5A6DBD1E466}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0C24DF9-9433-416E-891D-7C86B3E901EF}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
"{EB76AAFF-F505-4060-88D0-91864FC60EC8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F022EF82-6682-4C14-9F50-9E3D11AD78D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FBB5AC3B-2C41-4B80-B973-DD5A65F3C340}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PROSetDX" = Intel® Network Connections 13.1.33.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{292E1FC7-C42A-5ED5-0904-94C1A0A1538A}" = Catalyst Control Center InstallProxy
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2B21DAC6-647F-497F-918F-9A389EE24C1D}" = Quicken WillMaker Plus 2012
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C391720-EAA2-012B-AE98-000000000000}" = TurboTax 2009 wpaiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4647B1E4-9907-4A58-963C-E785DF674C3E}" = TurboTax 2010 wpaiper
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf07
"{6C528316-05A0-4594-A949-94B792EC396C}" = TurboTax 2011 wpaiper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E820A0C-8CD6-44A2-9963-A243B224CDB4}" = TurboTax 2008 wpaiper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DefaultTab" = DefaultTab
"DMUninstaller" = DMUninstaller
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Juice" = Juice 2.2.2-a1
"Logitech Media Server_is1" = Logitech Media Server 7.7.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Savings Bond Wizard" = Savings Bond Wizard
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"singalong@xenophesoft.com" = Sing Along
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1578236593-3675630618-1148527252-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/19/2013 6:46:44 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/20/2013 3:25:09 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/20/2013 7:55:12 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/20/2013 5:57:19 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/22/2013 5:48:16 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/22/2013 9:53:10 PM | Computer Name = Home-PC | Source = Perflib | ID = 1023
Description =
 
Error - 5/22/2013 9:53:10 PM | Computer Name = Home-PC | Source = Perflib | ID = 1023
Description =
 
Error - 5/23/2013 10:42:33 AM | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 5/23/2013 10:51:32 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/23/2013 11:31:16 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 5/28/2013 5:50:08 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 5/28/2013 8:54:44 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 5/29/2013 7:46:54 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 5/29/2013 8:00:46 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 5/30/2013 6:32:22 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2013 8:12:18 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/1/2013 11:30:17 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/2/2013 9:24:42 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/3/2013 6:22:50 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 6/3/2013 6:32:56 PM | Computer Name = Home-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.151.1460.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803

 User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9506.0     Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
 
< End of report >
Sorry if I sound frustrated.  This is my first time to deal with a problem like this, and my first time to interact with someone on a website like this.  Certainly I am paranoid about computer security, despite my momentary lapse on the sports website the other night.  I know my computer, and I know it is behaving abnormally, but of course I don't really know what the problem is.  Thank you for helping me.


Edited by m0le, 04 June 2013 - 07:37 PM.
Deactivate link


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:43 AM

Posted 04 June 2013 - 07:50 PM

I've deactivated the link but I have seen the site. That is certainly very suspicious.

 

I understand your frustration, and this type of problem is extremely difficult to track down. OTL looks okay as well, so we're no further forward.

 

I would like you to run Combofix, a powerful search and destroy tool, which is the equivalent of a quick win if it pays off. If not then we will need to go looking deeper for the registry entries that are probably making the window pop up.

 

Please download ComboFix from one of these locations:


* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.


m0le is a proud member of UNITE

#13 baymyke

baymyke
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:43 PM

Posted 04 June 2013 - 09:40 PM

Okay, here is my ComboFix txt log.  How will we know if it paid off?

 

ComboFix 13-06-03.06 - Michael 06/04/2013  22:17:04.1.8 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6134.4033 [GMT -4:00]
Running from: c:\users\Michael\Desktop\comfix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DefaultTab
c:\program files (x86)\DefaultTab\DefaultTab.crx
c:\program files (x86)\DefaultTab\uid
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\93e7e3d6030f426844228042348210cf\Service.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-2080\perl514.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\17d0b152e63e6bfe81b4b19588538896\mro.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\3b7106dd14676048b10bbb09a990f74c\XS.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\44727051c604ef6b79894b64d4c63832\Expat.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\7f177c338672436e01c4f0bdbcf94491\EV.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\7f2598c08178217a0e2c754f3d568f28\Byte.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\b6bd87c968599725b8ab2e5c25d3046a\API.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\b979ace6da01e63d651cce9ee2474fdc\Name.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\bc147d83c7c868eeee67082dcf55430c\File.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\c344fd5536724b2af2e6453833b60203\SHA1.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\c668a322917d32a5ea22894518aa9897\Base64.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\d0bf009923f29116535c26d228271d6d\Scan.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
c:\users\Michael\AppData\Local\Temp\pdk-Michael-4008\perl514.dll
c:\users\Michael\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Michael\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Michael\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Michael\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Michael\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Michael\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Michael\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-05 to 2013-06-05  )))))))))))))))))))))))))))))))
.
.
2013-06-05 02:22 . 2013-06-05 02:26 -------- d-----w- c:\users\Michael\AppData\Local\temp
2013-06-05 02:22 . 2013-06-05 02:22 -------- d-----w- c:\users\Rena\AppData\Local\temp
2013-06-05 02:22 . 2013-06-05 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-02 13:35 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AACADE8A-975F-4FA2-A387-05CFF096FA1C}\mpengine.dll
2013-06-01 12:22 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-28 01:29 . 2013-05-28 01:29 -------- d-----w- c:\windows\Microsoft Antimalware
2013-05-23 01:55 . 2013-05-23 01:55 -------- d-----w- c:\program files\Uninstaller
2013-05-23 01:54 . 2013-05-23 02:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-23 01:54 . 2013-05-23 01:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-05-23 01:52 . 2013-06-05 02:22 -------- d-----w- c:\users\Michael\AppData\Roaming\DefaultTab
2013-05-23 01:52 . 2013-05-23 01:52 -------- d-----w- c:\program files (x86)\SingAlong
2013-05-22 21:52 . 2013-05-22 21:57 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-05-22 21:51 . 2013-05-22 21:51 -------- d-----w- c:\programdata\Lavasoft
2013-05-22 21:51 . 2013-05-22 21:54 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-05-22 21:51 . 2013-05-22 21:51 -------- d-----w- c:\programdata\Downloaded Installations
2013-05-22 21:51 . 2013-05-22 21:51 -------- d-----w- c:\programdata\blekko toolbars
2013-05-22 21:51 . 2013-05-22 21:51 -------- d-----w- c:\users\Michael\AppData\Local\adawarebp
2013-05-22 21:51 . 2013-05-22 21:51 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-05-22 21:51 . 2013-05-22 21:51 -------- d-----w- c:\program files (x86)\adawaretb
2013-05-22 21:50 . 2013-05-22 21:51 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-05-21 22:56 . 2013-05-21 22:15 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F2B1C1E-1924-4AE6-9979-E31903FF1DA1}\gapaengine.dll
2013-05-21 11:15 . 2013-05-21 11:15 -------- d-----w- c:\program files (x86)\ESET
2013-05-20 22:13 . 2013-05-20 22:13 0 ----a-w- c:\windows\system32\snapapi.dll
2013-05-20 22:13 . 2013-05-20 22:13 0 ----a-w- c:\windows\system32\OLEPRO32.DLL
2013-05-20 22:13 . 2013-05-20 22:13 0 ----a-w- c:\windows\system32\MSVCR71.dll
2013-05-20 22:13 . 2013-05-20 22:13 0 ----a-w- c:\windows\system32\MSVCR100.dll
2013-05-20 22:13 . 2013-05-20 22:13 0 ----a-w- c:\windows\system32\MSVCP71.dll
2013-05-20 22:13 . 2013-05-20 22:13 0 ----a-w- c:\windows\system32\MSVCP100.dll
2013-05-20 22:13 . 2013-05-20 22:13 0 ----a-w- c:\windows\system32\acrotls.dll
2013-05-20 21:53 . 2013-05-20 21:53 -------- d-----w- c:\program files\iPod
2013-05-20 21:53 . 2013-05-20 21:54 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-20 21:53 . 2013-05-20 21:54 -------- d-----w- c:\program files\iTunes
2013-05-20 21:53 . 2013-05-20 21:54 -------- d-----w- c:\program files (x86)\iTunes
2013-05-20 00:26 . 2013-05-22 11:03 -------- d-----w- C:\Stinger_Quarantine
2013-05-20 00:26 . 2013-05-22 11:04 -------- d-----w- c:\program files\stinger
2013-05-20 00:21 . 2013-05-22 21:54 -------- d-----w- c:\users\Michael\AppData\Roaming\LavasoftStatistics
2013-05-20 00:20 . 2013-05-23 14:42 -------- d-----w- c:\users\Michael\AppData\Roaming\Ad-Aware Antivirus
2013-05-20 00:20 . 2013-05-22 21:50 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-05-20 00:20 . 2013-05-22 21:50 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-19 22:48 . 2013-05-19 22:48 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2013-05-19 22:47 . 2013-05-19 22:47 -------- d-----w- c:\programdata\Malwarebytes
2013-05-19 22:47 . 2013-05-19 22:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-19 22:47 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-19 21:13 . 2013-05-19 21:13 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2013-05-19 21:13 . 2013-05-19 21:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-19 21:13 . 2013-05-19 21:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-05-15 01:22 . 2013-05-15 01:22 -------- d-----w- c:\programdata\ATI
2013-05-14 02:10 . 2013-05-16 00:47 -------- d-----w- c:\program files (x86)\Free Download Manager
2013-05-14 02:08 . 2013-05-23 01:45 -------- d-----w- c:\program files (x86)\xVidly
2013-05-14 02:04 . 2013-05-14 02:04 -------- d-----w- c:\programdata\APN
2013-05-14 02:00 . 2013-05-14 02:15 -------- d-----w- c:\users\Michael\AppData\Roaming\player
2013-05-14 01:56 . 2013-05-14 02:22 -------- d-----w- c:\programdata\Tarma Installer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-20 07:03 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe
2013-05-20 02:26 . 2012-04-02 23:08 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-20 02:26 . 2011-05-18 01:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2010-09-24 02:03 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-24 23:14 . 2011-03-27 01:44 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-21 18:52 . 2013-04-21 18:53 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-21 18:52 . 2012-06-17 16:29 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-04-21 18:52 . 2010-05-15 11:06 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-11 13:33 . 2013-04-12 01:18 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 04:16 . 2013-04-12 01:18 85504 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:48 . 2013-04-12 01:18 75264 ----a-w- c:\windows\system32\smss.exe
2013-03-08 04:18 . 2013-04-12 01:17 451072 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 04:17 . 2013-04-12 01:16 2425344 ----a-w- c:\windows\system32\mstscax.dll
2013-03-08 03:52 . 2013-04-12 01:16 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-13 160328]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Media Server Tray Tool.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2011-10-13 3051619]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:26]
.
2013-06-05 c:\windows\Tasks\Sing Along Update.job
- c:\program files (x86)\SingAlong\SingalngUpdater.exe [2013-06-02 20:30]
.
2013-06-04 c:\windows\Tasks\User_Feed_Synchronization-{18C9B602-8654-44B5-BE13-8795F8CA28BC}.job
- c:\windows\system32\msfeedssync.exe [2013-05-20 06:40]
.
2013-06-05 c:\windows\Tasks\User_Feed_Synchronization-{5ED2C4C1-5912-4640-8771-3EB9951A5E01}.job
- c:\windows\system32\msfeedssync.exe [2013-05-20 06:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-12-22 6931488]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\Michael\AppData\Local\DownloadTerms\temp.dat
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Michael\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
AddRemove-DefaultTab - c:\users\Michael\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-Savings Bond Wizard - c:\windows\unvise32.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Secunia\PSI\PSIA.exe
c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Secunia\PSI\sua.exe
c:\progra~2\AD-AWA~1\AdAware.exe
c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
c:\progra~2\SQUEEZ~1\server\SQUEEZ~3.EXE
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2013-06-04  22:31:07 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-05 02:31
.
Pre-Run: 544,586,473,472 bytes free
Post-Run: 544,235,749,376 bytes free
.
- - End Of File - - F8EC2B52D0EB27DD97E2B2E3B41F489B
 



#14 baymyke

baymyke
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 05 June 2013 - 06:14 AM

Just a quick update.  I shut down my computer after running combofix last night.  When I turned it on this morning, I soon got one of the same old player update warnings, so I guess it didn't work. 



#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:43 AM

Posted 05 June 2013 - 05:51 PM

 

-------\Service_DefaultTabUpdate

Bad. Adware that you really shouldn't be getting with a good antivirus/antispyware program. I'm rerunning Combofix to remove some items that you don't need and don't recognise. I'm also going to unlock legitimate registry keys. I'm also interested to see if this service has regenerated and will be removed again.

 

Can you also let me know if any of the following are known to you?

 

  • SingAlong
  • Blekko Toolbars
  • Toolbar Cleaner

 

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

Folder::
c:\programdata\blekko toolbars
c:\users\Michael\AppData\Roaming\DefaultTab
C:\Program Files (x86)\Free Download Manager
C:\Program Files (x86)\xVidly
C:\ProgramData\APN
C:\Users\Michael\AppData\Roaming\player
C:\ProgramData\Tarma Installer
 
Files::
C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\xVidly.lnk
 
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

Save this as CFScript.txt, in the same location as ComboFix.exe (called ComboFix.exe in the below graphic)


[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
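Added example, not code from the poster, from m0le, or from the ComboFix project: a Python script that parses the "Files Created" section of a ComboFix log in the layout shown in the log earlier in this thread, and the `Folder::` directive block of a CFScript like the one in this reply. It clusters entries by creation time to surface the burst of directories dropped in one sitting (the 2013-05-14 entries here, which line up with the "two weeks ago" in the first post), flags locations that can be written to without elevation, and cross-checks each `Folder::` target against the creation time the log recorded for it, so a helper can confirm every removal target dates from the incident window before running the script. The sample log lines and the sample CFScript are constructed from a subset of the entries on this page; `C:\ProgramData\Example Leftover` is a constructed placeholder that is not on the page, included only so the not-found branch has something to report.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the "Files Created" lines from the log on this page,
# in the column order ComboFix prints them (created . modified size attrs path).
SAMPLE_FILES_CREATED = r"""
2013-05-23 01:52 . 2013-06-05 02:22 -------- d-----w- c:\users\Michael\AppData\Roaming\DefaultTab
2013-05-19 22:47 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-14 02:10 . 2013-05-16 00:47 -------- d-----w- c:\program files (x86)\Free Download Manager
2013-05-14 02:08 . 2013-05-23 01:45 -------- d-----w- c:\program files (x86)\xVidly
2013-05-14 02:04 . 2013-05-14 02:04 -------- d-----w- c:\programdata\APN
2013-05-14 02:00 . 2013-05-14 02:15 -------- d-----w- c:\users\Michael\AppData\Roaming\player
2013-05-14 01:56 . 2013-05-14 02:22 -------- d-----w- c:\programdata\Tarma Installer
"""

# Constructed sample CFScript in the Folder:: directive form used in the reply above;
# "C:\ProgramData\Example Leftover" is a placeholder absent from the log (exercises the not-found branch).
SAMPLE_CFSCRIPT = r"""
Folder::
c:\users\Michael\AppData\Roaming\DefaultTab
C:\Program Files (x86)\xVidly
C:\ProgramData\APN
C:\Users\Michael\AppData\Roaming\player
C:\ProgramData\Tarma Installer
C:\ProgramData\Example Leftover
"""

ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (\S+) (\S+) (.+)$")

@dataclass
class Entry:
    created: datetime
    size: Optional[int]  # None when the column reads "--------" (directories)
    attrs: str           # "d-----w-" for a directory, "----a-w-" for a file
    path: str

def parse_files_created(text: str) -> List[Entry]:
    """Parse 'created . modified size attrs path' lines; the modified time is matched but not kept."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(created, "%Y-%m-%d %H:%M"),
                             int(size) if size.isdigit() else None, attrs, path))
    return entries

def install_bursts(entries: List[Entry], gap: timedelta = timedelta(minutes=30)) -> List[List[Entry]]:
    """Cluster entries created within `gap` of the previous one, largest cluster first; a bogus
    'player update' drops several directories within minutes, so the biggest cluster marks the incident."""
    bursts: List[List[Entry]] = []
    for e in sorted(entries, key=lambda e: e.created):
        if bursts and e.created - bursts[-1][-1].created <= gap:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return sorted(bursts, key=len, reverse=True)

def user_writable(path: str) -> bool:
    """AppData and ProgramData need no elevation to write to; unwanted installers land there."""
    p = path.lower()
    return "\\appdata\\" in p or "\\programdata\\" in p

def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Name::' sections (Folder, Files, RegLock, ...)."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def cross_check_folders(script: Dict[str, List[str]], entries: List[Entry]) -> Tuple[Dict[str, datetime], List[str]]:
    """Map each Folder:: target to the creation time the log records for it (case-insensitive);
    targets the log never saw created come back separately for a second look."""
    by_path = {e.path.lower(): e for e in entries if e.attrs.startswith("d")}
    matched, missing = {}, []
    for target in script.get("Folder", []):
        e = by_path.get(target.lower())
        if e is None:
            missing.append(target)
        else:
            matched[target] = e.created
    return matched, missing

if __name__ == "__main__":
    entries = parse_files_created(SAMPLE_FILES_CREATED)
    print([(e.path, user_writable(e.path)) for e in install_bursts(entries)[0]])
    print(cross_check_folders(parse_cfscript(SAMPLE_CFSCRIPT), entries))
```

Running it on the constructed sample returns one five-entry burst (2013-05-14 01:56 to 02:10), five matched `Folder::` targets with their creation times, and the placeholder as the single unmatched target. On a full log the same cross-check is a cheap way to catch a typo in a removal script before it is dragged onto ComboFix, and the burst view makes the "Files Created" section readable without scrolling through definition updates and scanner installs.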



