
STIEBar - SuperAntiSpyware - Bitdefender


5 replies to this topic

#1 whitzle


Posted 12 June 2013 - 07:29 PM

Hi,
 
When I run my free version of SuperAntiSpyware, it finds the STIEBar infection, & calls it a critical threat. When I have SuperAntiSpyware remove that threat, I reboot, & run the SuperAntiSpyware scan immediately to see if it really did remove the STIEBar files. They come up again every time with each scan. So do over a hundred non-critical threats that were there after the previous scan & were 'removed' & then are there again in the next scan that I do a few minutes after the previous scan. Bitdefender says my computer is fine. Is Bitdefender not detecting what SuperAntiSpyware is detecting? How do I permanently remove the threats that came up in the SuperAntiSpyware log? I'm including the SuperAntiSpyware scan log, followed by the dds.txt log.
 
Thanks for helping me on this,
whitzle
 
_________________________
 
 
SUPERAntiSpyware Scan Log
 
Generated 06/12/2013 at 01:49 PM
 
Application Version : 5.6.1020
 
Core Rules Database Version : 10523
Trace Rules Database Version: 8335
 
Scan type       : Quick Scan
Total Scan Time : 00:00:55
 
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
 
Memory items scanned      : 380
Memory threats detected   : 0
Registry items scanned    : 61020
Registry threats detected : 10
File items scanned        : 8511
File threats detected     : 70
 
Adware.SearchClickAds
    (x86) HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}
    (x86) HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0
    (x86) HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\0
    (x86) HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\0\win32
    (x86) HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\FLAGS
    (x86) HKCR\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\HELPDIR
 
Adware.STIEBar
    (x86) HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}
    (x86) HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\ProxyStubClsid32
    (x86) HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\TypeLib
    (x86) HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\TypeLib#Version
 
Adware.Tracking Cookie
 
________________________________________
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by Jim at 16:55:13 on 2013-06-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.1301 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Users\Jim\AppData\Roaming\Dashlane\Dashlane.exe
C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msntask.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Dashlane BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Jim\AppData\Roaming\Dashlane\ie\Dashlanei.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll
TB: Dashlane Toolbar: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Jim\AppData\Roaming\Dashlane\ie\KWIEBar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Dashlane] "C:\Users\Jim\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PRINTK~1.LNK - C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 6.0 - C:\Program Files (x86)\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 68.6.16.245 12.127.17.72
TCP: Interfaces\{382CECE5-D5A4-432B-83D7-AB14CE7F9FCC} : DHCPNameServer = 68.6.16.245 12.127.17.72
TCP: Interfaces\{382CECE5-D5A4-432B-83D7-AB14CE7F9FCC}\14D4F414F57457563747 : DHCPNameServer = 209.116.241.10
TCP: Interfaces\{382CECE5-D5A4-432B-83D7-AB14CE7F9FCC}\27563747279636475646E2574756871637E2564657 : DHCPNameServer = 128.83.185.41 128.83.185.40
TCP: Interfaces\{382CECE5-D5A4-432B-83D7-AB14CE7F9FCC}\5416374737964656C4962627162797 : DHCPNameServer = 208.67.220.220 208.67.222.222
TCP: Interfaces\{382CECE5-D5A4-432B-83D7-AB14CE7F9FCC}\9646561636964797D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 198.6.1.5
TCP: Interfaces\{382CECE5-D5A4-432B-83D7-AB14CE7F9FCC}\C49626562716C656 : DHCPNameServer = 208.67.222.222 208.67.220.220 66.90.139.210
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe"
x64-IE: {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\18f3joud.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jim\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jim\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\18f3joud.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\18f3joud.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\18f3joud.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Jim\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-15 21:11; {ab91efd4-6975-4081-8552-1b3922ed79e2}; C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\18f3joud.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - ExtSQL: 2013-05-25 20:00; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\18f3joud.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-6-12 718840]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-6-11 147232]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-6-12 103504]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-6 13632]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-3 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-6-1 72216]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-30 2320920]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-6-12 68856]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-6-12 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-6-12 593144]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-6-12 82384]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2012-5-19 275648]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2011-4-7 246224]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2010-7-8 25600]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\System32\drivers\nwusbmdm_000.sys [2010-7-8 217728]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser_000.sys [2010-7-8 217728]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\System32\drivers\nwusbser2_000.sys [2010-7-8 217728]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-30 225280]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-30 236544]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-10-19 15712]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-14 40712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-16 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-8 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
S4 0092791361384622mcinstcleanup;McAfee Application Installer Cleanup (0092791361384622);C:\Users\Jim\AppData\Local\Temp\009279~1.EXE -cleanup -nolog --> C:\Users\Jim\AppData\Local\Temp\009279~1.EXE -cleanup -nolog [?]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-6 89600]
S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-27 228408]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
S4 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-6-30 134944]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .reg: Regedit.Document - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
.
=============== Created Last 30 ================
.
2013-06-12 07:57:13 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2013-06-12 07:25:26 939458 ----a-w- C:\ProgramData\1371019831.bdinstall.bin
2013-06-12 07:24:05 -------- d-----w- C:\ProgramData\BDLogging
2013-06-12 07:23:46 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2013-06-12 07:23:46 511328 ----a-w- C:\Windows\capicom.dll
2013-06-12 07:23:38 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-06-12 07:23:38 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2013-06-12 07:23:36 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-06-12 06:59:11 -------- d-----w- C:\Users\Jim\AppData\Roaming\Bitdefender
2013-06-12 06:59:04 -------- d-----w- C:\ProgramData\Bitdefender
2013-06-12 06:57:33 -------- d-----w- C:\Users\Jim\AppData\Roaming\QuickScan
2013-06-12 06:51:01 147232 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-06-12 06:50:59 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-06-12 06:50:59 -------- d-----w- C:\Program Files\Bitdefender
2013-06-12 06:45:09 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2013-06-12 04:46:58 -------- d-----w- C:\Program Files\Enigma Software Group
2013-06-12 04:45:44 -------- d-----w- C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-12 04:45:42 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-06-11 20:01:41 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-11 20:01:41 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-11 20:01:41 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-06-11 20:01:41 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-11 20:01:41 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-11 20:01:41 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-11 20:01:41 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-11 20:01:41 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-11 20:01:41 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-11 20:01:41 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-11 20:01:10 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-11 20:01:09 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-11 20:00:37 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-11 20:00:35 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-11 20:00:35 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-11 20:00:32 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-11 20:00:32 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-11 20:00:25 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-11 20:00:25 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-11 19:59:05 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{765993A4-B654-4A4E-BBB1-81A785351051}\mpengine.dll
2013-06-10 20:32:57 81920 ----a-w- C:\Windows\eSellerateControl350.dll
2013-06-10 20:32:57 356352 ----a-w- C:\Windows\eSellerateEngine.dll
2013-06-10 20:32:57 274432 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2013-06-10 20:32:57 1122304 ----a-w- C:\Windows\SysWow64\libeay32.dll
2013-06-10 20:32:56 -------- d-----w- C:\Program Files (x86)\Adware . STIEBar Removal Tool
2013-06-06 03:50:52 -------- d-----w- C:\Users\Jim\AppData\Roaming\Dashlane
2013-05-26 21:39:18 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-16 01:48:55 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-16 01:48:55 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-16 01:48:55 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-16 01:46:39 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-16 01:46:35 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-16 01:46:33 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-16 01:46:33 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-16 01:46:24 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-16 01:46:23 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-16 01:46:11 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-15 22:16:19 -------- d-----w- C:\Users\Jim\AppData\Roaming\Go!Zilla
2013-05-15 22:16:12 -------- d-----w- C:\Program Files (x86)\GoZilla
.
==================== Find3M  ====================
.
2013-06-08 20:44:36 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-06-08 20:44:35 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-06-08 20:44:35 100680 ----a-w- C:\Windows\System32\LMIinit.dll
2013-05-25 20:26:44 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-03 22:59:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-03 22:59:57 866720 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-05-03 22:59:57 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-03 01:23:34 95472 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2013-05-03 01:23:34 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2013-05-03 01:23:34 3894272 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2013-05-03 01:23:34 3558912 ----a-w- C:\Windows\System32\bcmihvui64.dll
2013-05-03 01:23:34 2838008 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-27 21:38:41 28672 ----a-w- C:\Program Files (x86)\PureText.exe
2009-05-29 06:47:08 1821008 ----a-w- C:\Program Files\instmsiw.exe
.
============= FINISH: 16:56:32.26 ===============
 

 


 


#2 jntkwx

  • Malware Response Team

Posted 15 June 2013 - 01:15 PM

whitzle,
 
We sincerely apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.
 

Some things to remember while we are working together:
 

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.
 

Combofix
Please download Combofix from one of these links, and save it to your desktop.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.
Important:

  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

 

In your next reply, please include:

  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 



#3 whitzle

  • Topic Starter

Posted 15 June 2013 - 08:59 PM

Hi Jason,
I uninstalled SuperAntiSpyware (free version) since it didn't remove what it detected in that SuperAntiSpyware log I posted for you to see. No error messages or strange behavior have been occurring. Even so, I still wonder about the detections SuperAntiSpyware detected (like the STIEBar files). While I was uninstalling SuperAntiSpyware, I was offered the Pro version for $10 (usually goes for $30), but I didn't buy it. Bitdefender is what I've been using - I bought it a couple days ago.
 
whitzle
 
____________________________________________________________________
 
 
ComboFix 13-06-15.01 - Jim 06/15/2013  18:17:49.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2567 [GMT -7:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Power Search Tool
c:\program files (x86)\Power Search Tool\alert_plugin.dll
c:\program files (x86)\Power Search Tool\basis.xml
c:\program files (x86)\Power Search Tool\ebay.bmp
c:\program files (x86)\Power Search Tool\icons.bmp
c:\program files (x86)\Power Search Tool\logo-4.bmp
c:\program files (x86)\Power Search Tool\mbback.bmp
c:\program files (x86)\Power Search Tool\mbbigopen.bmp
c:\program files (x86)\Power Search Tool\mbclose.bmp
c:\program files (x86)\Power Search Tool\mbfwd.bmp
c:\program files (x86)\Power Search Tool\mbsep.bmp
c:\program files (x86)\Power Search Tool\nav1c.bmp
c:\program files (x86)\Power Search Tool\options.html
c:\program files (x86)\Power Search Tool\PowerSearchTool4_0.crc
c:\program files (x86)\Power Search Tool\version.txt
c:\programdata\1371019831.bdinstall.bin
c:\users\Jim\Documents\Readiris.DUS
c:\users\Public\videos\HP MediaSmart Demo.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-16 to 2013-06-16  )))))))))))))))))))))))))))))))
.
.
2013-06-14 21:32 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-14 21:32 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-14 21:32 . 2013-06-08 11:41 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-14 21:32 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-14 21:32 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-14 21:32 . 2013-06-08 14:06 2648064 ----a-w- c:\windows\system32\iertutil.dll
2013-06-14 21:32 . 2013-06-08 14:06 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-14 21:32 . 2013-06-08 14:06 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-06-14 21:31 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll
2013-06-12 23:40 . 2013-06-12 23:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-06-12 07:57 . 2013-06-12 07:57 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-06-12 07:24 . 2013-06-12 07:24 -------- d-----w- c:\programdata\BDLogging
2013-06-12 07:23 . 2012-11-13 01:11 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-06-12 07:23 . 2007-04-11 18:11 511328 ----a-w- c:\windows\capicom.dll
2013-06-12 07:23 . 2013-04-17 21:59 593144 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-06-12 07:23 . 2012-11-02 21:17 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
2013-06-12 07:23 . 2013-04-17 21:59 718840 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-06-12 06:59 . 2013-06-12 06:59 -------- d-----w- c:\users\Jim\AppData\Roaming\Bitdefender
2013-06-12 06:59 . 2013-06-12 07:25 -------- d-----w- c:\programdata\Bitdefender
2013-06-12 06:57 . 2013-06-12 06:57 -------- d-----w- c:\users\Jim\AppData\Roaming\QuickScan
2013-06-12 06:51 . 2012-10-04 21:30 147232 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-06-12 06:50 . 2013-06-13 00:35 -------- d-----w- c:\program files\Bitdefender
2013-06-12 06:50 . 2013-05-28 19:12 382536 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-06-12 06:45 . 2013-06-12 06:51 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-06-12 04:46 . 2013-06-12 04:46 -------- d-----w- c:\program files\Enigma Software Group
2013-06-12 04:45 . 2013-06-12 23:54 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-12 04:45 . 2013-06-12 04:45 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-11 20:01 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 20:01 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 20:01 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 20:01 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 20:01 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-11 20:01 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-11 20:01 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-11 20:01 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 20:01 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-11 20:01 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-11 20:01 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-11 20:01 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-11 20:00 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 20:00 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-11 20:00 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-11 20:00 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-11 20:00 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-11 20:00 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-11 20:00 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-11 19:59 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{765993A4-B654-4A4E-BBB1-81A785351051}\mpengine.dll
2013-06-10 20:32 . 2012-12-10 17:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2013-06-10 20:32 . 2012-12-10 17:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2013-06-10 20:32 . 2009-07-24 00:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll
2013-06-10 20:32 . 2009-07-24 00:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2013-06-10 20:32 . 2013-06-10 21:25 -------- d-----w- c:\program files (x86)\Adware . STIEBar Removal Tool
2013-06-06 03:50 . 2013-06-06 03:55 -------- d-----w- c:\users\Jim\AppData\Roaming\Dashlane
2013-05-26 21:39 . 2013-05-26 21:39 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 01:57 . 2010-03-08 21:24 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-08 20:44 . 2010-06-01 20:57 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 20:44 . 2010-06-01 20:57 35656 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 20:44 . 2010-06-01 20:56 100680 ----a-w- c:\windows\system32\LMIinit.dll
2013-05-25 20:26 . 2010-06-01 20:57 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-05-07 22:59 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-03 22:59 . 2013-05-03 23:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-03 22:59 . 2012-07-14 20:03 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-03 22:59 . 2010-06-08 18:43 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-03 01:23 . 2009-12-30 09:28 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2013-05-03 01:23 . 2009-12-30 09:28 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2013-05-03 01:23 . 2009-12-30 09:28 3894272 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2013-05-03 01:23 . 2009-12-30 09:28 3558912 ----a-w- c:\windows\system32\bcmihvui64.dll
2013-05-03 01:23 . 2009-12-30 09:28 2838008 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2013-05-02 09:06 . 2010-03-07 20:23 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 00:02 . 2013-04-30 00:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 00:02 . 2013-04-30 00:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 00:02 . 2013-04-30 00:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 00:02 . 2013-04-30 00:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 00:02 . 2013-04-30 00:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 00:02 . 2013-04-30 00:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 00:02 . 2013-04-30 00:02 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 00:02 . 2013-04-30 00:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 00:02 . 2013-04-30 00:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 00:02 . 2013-04-30 00:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 00:02 . 2013-04-30 00:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 00:02 . 2013-04-30 00:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 00:02 . 2013-04-30 00:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 00:02 . 2013-04-30 00:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 00:02 . 2013-04-30 00:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 00:02 . 2013-04-30 00:02 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 00:02 . 2013-04-30 00:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 00:02 . 2013-04-30 00:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 00:02 . 2013-04-30 00:02 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 00:02 . 2013-04-30 00:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 00:02 . 2013-04-30 00:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 00:02 . 2013-04-30 00:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 00:02 . 2013-04-30 00:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 00:02 . 2013-04-30 00:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 00:02 . 2013-04-30 00:02 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 00:02 . 2013-04-30 00:02 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 00:02 . 2013-04-30 00:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 00:02 . 2013-04-30 00:02 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 00:02 . 2013-04-30 00:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 00:02 . 2013-04-30 00:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 00:02 . 2013-04-30 00:02 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 00:02 . 2013-04-30 00:02 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 00:02 . 2013-04-30 00:02 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 00:02 . 2013-04-30 00:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 00:02 . 2013-04-30 00:02 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 00:02 . 2013-04-30 00:02 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 00:02 . 2013-04-30 00:02 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 00:02 . 2013-04-30 00:02 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 00:02 . 2013-04-30 00:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 00:02 . 2013-04-30 00:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 00:02 . 2013-04-30 00:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 00:02 . 2013-04-30 00:02 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 00:02 . 2013-04-30 00:02 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 00:02 . 2013-04-30 00:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 00:02 . 2013-04-30 00:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 00:02 . 2013-04-30 00:02 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 00:02 . 2013-04-30 00:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 00:02 . 2013-04-30 00:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 00:02 . 2013-04-30 00:02 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-13 05:49 . 2013-05-16 01:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 01:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 01:48 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 01:48 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 01:48 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 01:48 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 18:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 01:48 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 01:48 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 01:46 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50 . 2013-02-27 00:21 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-09 23:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:53 . 2013-05-16 01:46 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-03-19 05:53 . 2013-05-16 01:46 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-03-19 05:46 . 2013-04-09 23:04 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-09 23:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-09 23:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-09 23:04 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-09 23:04 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-27 21:38 . 2003-08-21 10:00 28672 ----a-w- c:\program files (x86)\PureText.exe
2009-05-29 06:47 . 2009-05-29 06:47 1821008 ----a-w- c:\program files\instmsiw.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 21:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 21:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 21:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dashlane"="c:\users\Jim\AppData\Roaming\Dashlane\Dashlane.exe" [2013-05-31 270520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Printkey2000.lnk - c:\program files (x86)\PrintKey2000\Printkey2000.exe [2010-5-26 869376]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys;c:\windows\SYSNATIVE\drivers\DigiartyVirtualCDBus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys;c:\windows\SYSNATIVE\DRIVERS\NwUsbCdFil64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 0092791361384622mcinstcleanup;McAfee Application Installer Cleanup (0092791361384622);c:\users\Jim\AppData\Local\Temp\009279~1.EXE;c:\users\Jim\AppData\Local\Temp\009279~1.EXE [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbmdm_000.sys [x]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser_000.sys [x]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2_000.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 23:18]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-12 23:18]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396301682-2749084838-641560585-1000Core.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-07 20:23]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1396301682-2749084838-641560585-1000UA.job
- c:\users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-07 20:23]
.
2013-06-13 c:\windows\Tasks\HPCeeScheduleForJim.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 21:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 21:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 21:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 23:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 408600]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2000-01-01 1425408]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-04-24 1569536]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 6.0 - c:\program files (x86)\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\18f3joud.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - ExtSQL: 2013-05-15 21:11; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\18f3joud.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - ExtSQL: 2013-05-25 20:00; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\18f3joud.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-15  18:32:40
ComboFix-quarantined-files.txt  2013-06-16 01:32
.
Pre-Run: 285,846,663,168 bytes free
Post-Run: 285,659,082,752 bytes free
.
- - End Of File - - CFB4B86FB8A0A787AF6BE1FA7760B747
D41D8CD98F00B204E9800998ECF8427E


#4 jntkwx

  • Malware Response Team

Posted 16 June 2013 - 12:35 PM

I uninstalled SuperAntiSpyware (free version) since it didn't remove what it detected in that SuperAntiSpyware log I posted for you to see. No error messages or strange behavior has been occurring. Even so, I still wonder about the detections SuperAntiSpyware detected (like the STIEBar files). While I was uninstalling SuperAntiSpyware, I was offered the Pro version for $10 (usually goes for $30), but I didn't buy it. Bitdefender is what I've been using - I bought it a couple days ago. 

 
It was probably a good idea to uninstall SuperAntiSpyware. It used to be a pretty good program, but hasn't been recommended recently.  The following three programs should help remove the remnants of the STIEBar files.  Bitdefender is actually a pretty good antivirus program.


Step 1: Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

=============================================================================

Step 2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=======================================

Step 3: Please run a free online scan with the ESET Online Scanner

  • Temporarily disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

 

In your next reply, please include:

  • adwCleaner log
  • JRT log
  • ESET log
  • How's your computer running now? Please be as descriptive as possible.

Edited by jntkwx, 16 June 2013 - 12:35 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 jntkwx


Posted 22 June 2013 - 12:38 PM

whitzle,
 
It has been six days since my last post. Do you still need help?
 
If you do, please follow my previous instructions.


Regards,
Jason

 



#6 jntkwx


Posted 25 June 2013 - 07:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 





