Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trying to do anything on my PC is impossibly slow. I must be I'm infected!


  • Please log in to reply
9 replies to this topic

#1 TKTheKid

TKTheKid

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:44 AM

Posted 13 June 2013 - 08:52 PM

Hi all,

 

First of all, I appreciate any help that you all can provide.

 

Well, you know how it says that DDS shouldn't take more than 3 minutes to run?  Well 20 minutes terrible, no?  Anyway, doing anything on my PC is an issue.  Windows constantly freeze and hang up very badly.  Running MWB and AA didn't help.

 

Here is the log and attachment:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.17.2
Run by Tony at 21:29:09 on 2013-06-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1791.652 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://logmein.com/
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - 
uRun: [Macromedia] rundll32 "C:\Users\Tony\AppData\Local\Apple\Macromedia\lpeagjjb.dll",DllRegisterServer
StartupFolder: C:\Users\Tony\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3968CE3D-1B74-4334-8F60-0E7DAABA9780} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://google.com/search?btnI=1&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-02 10:06; ng0ui@jhwtttg.com; C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\ng0ui@jhwtttg.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ae90e714000000000000f04da2f4b65c&q=
FF - user.js: extensions.BabylonToolbar.id - ae90e714000000000000f04da2f4b65c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15709
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.223:32:23
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=0113_1
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-10 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-11-2 55856]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-2 203776]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-2 1692480]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-11-2 320040]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 0011921345317134mcinstcleanup;McAfee Application Installer Cleanup (0011921345317134);C:\Users\Tony\AppData\Local\Temp\001192~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -
 
service --> C:\Users\Tony\AppData\Local\Temp\001192~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-25 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-13 23:29:31 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADD43F3F-51E6-4E4C-9BDD-1A1300E715ED}\mpengine.dll
2013-06-12 05:19:57 -------- d-----w- C:\Windows\pss
2013-06-12 00:07:43 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-12 00:05:44 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 00:05:24 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 00:05:24 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 00:05:17 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 00:05:17 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-11 03:16:25 -------- d-----w- C:\$RECYCLE.BIN
2013-06-10 23:41:10 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-06-10 23:41:09 -------- d-----w- C:\Users\Tony\AppData\Roaming\LavasoftStatistics
2013-06-10 23:33:50 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-06-10 23:33:20 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-06-10 23:33:17 -------- d-----w- C:\ProgramData\blekko toolbars
2013-06-10 23:33:17 -------- d-----w- C:\ProgramData\adawaretb
2013-06-10 23:33:15 -------- d-----w- C:\Users\Tony\AppData\Local\adawarebp
2013-06-10 23:33:11 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-06-10 23:32:50 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-06-10 23:32:45 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-06-10 23:30:03 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-06-10 23:30:03 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-06-10 23:29:58 -------- d-----w- C:\Users\Tony\AppData\Roaming\Ad-Aware Antivirus
2013-06-02 14:10:53 -------- d-----w- C:\Users\Tony\AppData\Roaming\NCdownloader
2013-06-02 14:06:27 -------- d-----w- C:\ProgramData\StarApp
2013-06-02 14:06:18 -------- d-----w- C:\Windows\SysWow64\AMD64
2013-06-02 14:06:18 -------- d-----w- C:\Program Files (x86)\Solibo Ltd
2013-06-02 14:06:01 -------- d-----w- C:\Program Files (x86)\ContinueToSave
2013-05-22 00:34:41 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2013-05-22 00:33:44 -------- d-----w- C:\Program Files\My Dell
2013-05-22 00:13:43 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A93C836-4250-4570-9E4A-F97FC1D8CE7F}\gapaengine.dll
2013-05-18 15:38:24 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
==================== Find3M  ====================
.
2013-06-12 01:15:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 01:15:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-14 18:20:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-14 18:20:52 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-14 18:20:52 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 21:46:32.99 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:04:44 PM

Posted 16 June 2013 - 04:39 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :welcome:

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.
 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#3 TKTheKid

TKTheKid
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:44 AM

Posted 16 June 2013 - 07:09 PM

Thank you very much for your time Dark Knight!  i wasn't sure if you wanted that ComboFix.txt file attached or just pasted, but I pasted it below.

 

Tony

 

 

 

ComboFix 13-06-15.01 - Tony 06/16/2013  19:22:36.6.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1791.615 [GMT -4:00]
Running from: c:\users\Tony\Desktop\Tony's Folder\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\users\Tony\AppData\Local\Apple\Macromedia\lpeagjjb.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-16 to 2013-06-16  )))))))))))))))))))))))))))))))
.
.
2013-06-16 23:58 . 2013-06-16 23:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-16 23:58 . 2013-06-16 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-16 16:45 . 2013-06-16 16:45 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45960C99-787C-4744-AA61-746DC7699571}\offreg.dll
2013-06-16 13:28 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45960C99-787C-4744-AA61-746DC7699571}\mpengine.dll
2013-06-15 07:03 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-15 07:03 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-15 07:03 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-15 07:03 . 2013-06-08 11:41 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-15 07:02 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-15 07:02 . 2013-06-08 14:06 2648064 ----a-w- c:\windows\system32\iertutil.dll
2013-06-15 07:02 . 2013-06-08 14:06 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-15 07:02 . 2013-06-08 14:06 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-06-15 07:02 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll
2013-06-15 00:29 . 2013-05-22 00:13 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41ABAA63-CC9E-4B42-A1F6-72C5DF71024E}\gapaengine.dll
2013-06-15 00:28 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-12 00:05 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 00:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 00:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 00:05 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 00:05 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-10 23:41 . 2013-06-10 23:47 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-06-10 23:41 . 2013-06-10 23:41 -------- d-----w- c:\users\Tony\AppData\Roaming\LavasoftStatistics
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\Lavasoft
2013-06-10 23:33 . 2013-06-10 23:41 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\blekko toolbars
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\adawaretb
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\users\Tony\AppData\Local\adawarebp
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-06-10 23:32 . 2013-06-10 23:33 -------- d-----w- c:\program files (x86)\adawaretb
2013-06-10 23:32 . 2013-06-10 23:32 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-06-10 23:30 . 2013-06-10 23:30 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-06-10 23:30 . 2013-06-10 23:30 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-10 23:29 . 2013-06-11 02:40 -------- d-----w- c:\users\Tony\AppData\Roaming\Ad-Aware Antivirus
2013-06-02 14:10 . 2013-06-02 14:10 -------- d-----w- c:\users\Tony\AppData\Roaming\NCdownloader
2013-06-02 14:06 . 2013-06-02 14:06 -------- d-----w- c:\programdata\StarApp
2013-06-02 14:06 . 2013-06-02 14:06 -------- d-----w- c:\windows\SysWow64\AMD64
2013-06-02 14:06 . 2013-06-02 14:06 -------- d-----w- c:\program files (x86)\Solibo Ltd
2013-06-02 14:06 . 2013-06-11 01:24 -------- d-----w- c:\program files (x86)\ContinueToSave
2013-05-22 00:34 . 2013-05-22 00:34 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-22 00:33 . 2013-05-24 19:58 -------- d-----w- c:\program files\My Dell
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 06:16 . 2011-11-25 19:06 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 01:15 . 2012-08-08 23:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 01:15 . 2011-11-02 17:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-22 00:13 . 2012-12-31 13:10 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 22:15 . 2012-07-29 17:25 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-14 18:20 . 2013-04-14 18:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-14 18:20 . 2012-08-18 20:44 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-14 18:20 . 2011-11-02 17:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-14 22:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 22:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 22:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 22:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 22:23 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 22:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 02:42 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 22:23 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 22:23 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 22:22 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2011-11-25 01:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 06:16 . 2013-04-02 06:16 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 06:16 . 2013-04-02 06:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 06:16 . 2013-04-02 06:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 06:16 . 2013-04-02 06:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 06:16 . 2013-04-02 06:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 06:16 . 2013-04-02 06:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 06:16 . 2013-04-02 06:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 06:16 . 2013-04-02 06:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 06:16 . 2013-04-02 06:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 06:16 . 2013-04-02 06:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 06:16 . 2013-04-02 06:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 06:16 . 2013-04-02 06:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 06:16 . 2013-04-02 06:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 06:16 . 2013-04-02 06:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 06:16 . 2013-04-02 06:16 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 06:16 . 2013-04-02 06:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 06:16 . 2013-04-02 06:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 06:16 . 2013-04-02 06:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 06:16 . 2013-04-02 06:16 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 06:16 . 2013-04-02 06:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 06:16 . 2013-04-02 06:16 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 06:16 . 2013-04-02 06:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 06:16 . 2013-04-02 06:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 06:16 . 2013-04-02 06:16 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 06:16 . 2013-04-02 06:16 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 06:16 . 2013-04-02 06:16 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 06:16 . 2013-04-02 06:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 06:16 . 2013-04-02 06:16 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 06:16 . 2013-04-02 06:16 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 06:16 . 2013-04-02 06:16 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 06:16 . 2013-04-02 06:16 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 06:16 . 2013-04-02 06:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 06:16 . 2013-04-02 06:16 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 06:16 . 2013-04-02 06:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 06:16 . 2013-04-02 06:16 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-02 06:16 . 2013-04-02 06:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 06:16 . 2013-04-02 06:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 06:16 . 2013-04-02 06:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 06:16 . 2013-04-02 06:16 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 06:16 . 2013-04-02 06:16 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 06:16 . 2013-04-02 06:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 06:16 . 2013-04-02 06:16 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 06:16 . 2013-04-02 06:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 06:16 . 2013-04-02 06:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 06:16 . 2013-04-02 06:16 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 06:16 . 2013-04-02 06:16 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 06:16 . 2013-04-02 06:16 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 06:16 . 2013-04-02 06:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 06:16 . 2013-04-02 06:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-19 06:04 . 2013-04-10 22:44 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:53 . 2013-05-14 22:22 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-03-19 05:53 . 2013-05-14 22:22 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-03-19 05:46 . 2013-04-10 22:44 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 22:44 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 22:44 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 22:44 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 22:44 112640 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Google Chrome.lnk - c:\users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe [2012-8-26 825808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 0011921345317134mcinstcleanup;McAfee Application Installer Cleanup (0011921345317134);c:\users\Tony\AppData\Local\Temp\001192~1.EXE;c:\users\Tony\AppData\Local\Temp\001192~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 01:15]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993072558-3099979866-3506296825-1001Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 22:07]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993072558-3099979866-3506296825-1001UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://logmein.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://google.com/search?btnI=1&q=
FF - ExtSQL: 2013-06-02 10:06; ng0ui@jhwtttg.com; c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\ng0ui@jhwtttg.com
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ae90e714000000000000f04da2f4b65c&q=
FF - user.js: extensions.BabylonToolbar.id - ae90e714000000000000f04da2f4b65c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15709
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.223:32
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=0113_1
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Macromedia - c:\users\Tony\AppData\Local\Apple\Macromedia\lpeagjjb.dll
AddRemove-LiveVDO plugin - c:\program files (x86)\StartSearch plugin\uninst.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\cuontinuietosaave\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{28387537-E3F9-4ED7-860C-11E69AF4A8A0}"=hex:51,66,7a,6c,4c,1d,38,12,59,76,2b,
   2c,cb,ad,b9,0b,f9,1a,52,a6,9f,aa,ec,b4
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
   79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5b,f8,fb,94,d8,74,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-16  20:05:44
ComboFix-quarantined-files.txt  2013-06-17 00:05
ComboFix2.txt  2013-06-11 03:23
ComboFix3.txt  2013-02-08 05:21
.
Pre-Run: 254,329,663,488 bytes free
Post-Run: 254,011,551,744 bytes free
.
- - End Of File - - 8763B529F2F4C5F025635AE1ECBFA8CC
5C616939100B85E558DA92B899A0FC36


#4 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:04:44 PM

Posted 17 June 2013 - 04:45 PM

Good morning TKTheKid,

 

i wasn't sure if you wanted that ComboFix.txt file attached or just pasted, but I pasted it below.

Pasting is perfect. I prefer pasting as it is easier to read your logs. :)

 

I notice that you have the blekko toolbar installed. This toolbar is known to make unauthorised changes in your browsers and it is for this reason I recommend removing it. Please see here for more information.

 

Please go to Start>Control Panel>Programs and uninstall the following (if present):

  • blekko

  • blekko toolbar

  • Datamngr

  • MediaBar

Please restart your computer after these program removals.

 

=====

 

Do you know what this is:

 

ng0ui@jhwtttg.com

 

=====

 

Next, please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    Firefox::
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ae90e714000000000000f04da2f4b65c&q=
    FF - user.js: extensions.BabylonToolbar.id - ae90e714000000000000f04da2f4b65c
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15709
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.223:32
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=0113_1
    FF - user.js: extensions.BabylonToolbar_i.babExt - 
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar.rvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false

     

    Registry::

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll [BU]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [BU]
    [HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]

     

     



  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.
 

=====

 

Finally, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

=====

 

In your reply I would like to see the following please:

  • ComboFix.txt.

  • AdwCleaner[R1].txt.

How is your computer running now?


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#5 TKTheKid

TKTheKid
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:44 AM

Posted 17 June 2013 - 11:12 PM

Hi again Dark Knight,
 
I have no idea what the blekko toolbar is!  Hahaha.  And I actually didn't see any of those four programs when I went to go uninstall them.  Strange, huh?
 
----------------------------------------------------------------------------------------------------

 

Unfortunately, I don't know what ng0ui@jhwtttg.com is.  Sorry!
 
----------------------------------------------------------------------------------------------------

 

Here are the contents of C:\ComboFix.txt:
 
ComboFix 13-06-17.01 - Tony 06/17/2013  20:16:29.7.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1791.946 [GMT -4:00]
Running from: c:\users\Tony\Desktop\Tony's Folder\ComboFix.exe
Command switches used :: c:\users\Tony\Desktop\Tony's Folder\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b3ef58a2-77e9-414a-b8f6-b8cbbf497383.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-18 to 2013-06-18  )))))))))))))))))))))))))))))))
.
.
2013-06-18 00:38 . 2013-06-18 00:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-18 00:38 . 2013-06-18 00:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-17 22:41 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66453BF6-B8E5-418F-B2DF-DCB956FEEF51}\mpengine.dll
2013-06-16 13:28 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-15 07:03 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-15 07:03 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-15 07:03 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-15 07:03 . 2013-06-08 11:41 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-15 07:02 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-15 07:02 . 2013-06-08 14:06 2648064 ----a-w- c:\windows\system32\iertutil.dll
2013-06-15 07:02 . 2013-06-08 14:06 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-15 07:02 . 2013-06-08 14:06 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-06-15 07:02 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll
2013-06-15 00:29 . 2013-05-22 00:13 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41ABAA63-CC9E-4B42-A1F6-72C5DF71024E}\gapaengine.dll
2013-06-12 00:05 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 00:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 00:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 00:05 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 00:05 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-10 23:41 . 2013-06-10 23:47 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-06-10 23:41 . 2013-06-10 23:41 -------- d-----w- c:\users\Tony\AppData\Roaming\LavasoftStatistics
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\Lavasoft
2013-06-10 23:33 . 2013-06-10 23:41 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\blekko toolbars
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\adawaretb
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\users\Tony\AppData\Local\adawarebp
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-06-10 23:32 . 2013-06-10 23:33 -------- d-----w- c:\program files (x86)\adawaretb
2013-06-10 23:32 . 2013-06-10 23:32 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-06-10 23:30 . 2013-06-10 23:30 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-06-10 23:30 . 2013-06-10 23:30 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-10 23:29 . 2013-06-11 02:40 -------- d-----w- c:\users\Tony\AppData\Roaming\Ad-Aware Antivirus
2013-06-02 14:10 . 2013-06-02 14:10 -------- d-----w- c:\users\Tony\AppData\Roaming\NCdownloader
2013-06-02 14:06 . 2013-06-02 14:06 -------- d-----w- c:\programdata\StarApp
2013-06-02 14:06 . 2013-06-02 14:06 -------- d-----w- c:\windows\SysWow64\AMD64
2013-06-02 14:06 . 2013-06-02 14:06 -------- d-----w- c:\program files (x86)\Solibo Ltd
2013-06-02 14:06 . 2013-06-11 01:24 -------- d-----w- c:\program files (x86)\ContinueToSave
2013-05-22 00:34 . 2013-05-22 00:34 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-22 00:33 . 2013-05-24 19:58 -------- d-----w- c:\program files\My Dell
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 06:16 . 2011-11-25 19:06 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 01:15 . 2012-08-08 23:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 01:15 . 2011-11-02 17:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-22 00:13 . 2012-12-31 13:10 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 22:15 . 2012-07-29 17:25 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-14 18:20 . 2013-04-14 18:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-14 18:20 . 2012-08-18 20:44 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-14 18:20 . 2011-11-02 17:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-14 22:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 22:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 22:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 22:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 22:23 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 22:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 02:42 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 22:23 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 22:23 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 22:22 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2011-11-25 01:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 06:16 . 2013-04-02 06:16 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 06:16 . 2013-04-02 06:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 06:16 . 2013-04-02 06:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 06:16 . 2013-04-02 06:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 06:16 . 2013-04-02 06:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 06:16 . 2013-04-02 06:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 06:16 . 2013-04-02 06:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 06:16 . 2013-04-02 06:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 06:16 . 2013-04-02 06:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 06:16 . 2013-04-02 06:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 06:16 . 2013-04-02 06:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 06:16 . 2013-04-02 06:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 06:16 . 2013-04-02 06:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 06:16 . 2013-04-02 06:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 06:16 . 2013-04-02 06:16 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 06:16 . 2013-04-02 06:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 06:16 . 2013-04-02 06:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 06:16 . 2013-04-02 06:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 06:16 . 2013-04-02 06:16 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 06:16 . 2013-04-02 06:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 06:16 . 2013-04-02 06:16 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 06:16 . 2013-04-02 06:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 06:16 . 2013-04-02 06:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 06:16 . 2013-04-02 06:16 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 06:16 . 2013-04-02 06:16 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 06:16 . 2013-04-02 06:16 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 06:16 . 2013-04-02 06:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 06:16 . 2013-04-02 06:16 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 06:16 . 2013-04-02 06:16 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 06:16 . 2013-04-02 06:16 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 06:16 . 2013-04-02 06:16 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 06:16 . 2013-04-02 06:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 06:16 . 2013-04-02 06:16 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 06:16 . 2013-04-02 06:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 06:16 . 2013-04-02 06:16 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-02 06:16 . 2013-04-02 06:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 06:16 . 2013-04-02 06:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 06:16 . 2013-04-02 06:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 06:16 . 2013-04-02 06:16 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 06:16 . 2013-04-02 06:16 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 06:16 . 2013-04-02 06:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 06:16 . 2013-04-02 06:16 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 06:16 . 2013-04-02 06:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 06:16 . 2013-04-02 06:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 06:16 . 2013-04-02 06:16 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 06:16 . 2013-04-02 06:16 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 06:16 . 2013-04-02 06:16 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 06:16 . 2013-04-02 06:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 06:16 . 2013-04-02 06:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Google Chrome.lnk - c:\users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe [2012-8-26 825808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 0011921345317134mcinstcleanup;McAfee Application Installer Cleanup (0011921345317134);c:\users\Tony\AppData\Local\Temp\001192~1.EXE;c:\users\Tony\AppData\Local\Temp\001192~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM
 
\RoxWatch12OEM.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM
 
\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 01:15]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993072558-3099979866-3506296825-1001Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 22:07]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993072558-3099979866-3506296825-1001UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://logmein.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://google.com/search?btnI=1&q=
FF - ExtSQL: 2013-06-02 10:06; ng0ui@jhwtttg.com; c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\ng0ui@jhwtttg.com
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-LiveVDO plugin - c:\program files (x86)\StartSearch plugin\uninst.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\cuontinuietosaave\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{28387537-E3F9-4ED7-860C-11E69AF4A8A0}"=hex:51,66,7a,6c,4c,1d,38,12,59,76,2b,
   2c,cb,ad,b9,0b,f9,1a,52,a6,9f,aa,ec,b4
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
   79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5b,f8,fb,94,d8,74,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\windows\system32\PHOTOS~1.SCR
c:\program files (x86)\Dell\PhotoStage\ScreenSaver.exe
.
**************************************************************************
.
Completion time: 2013-06-17  20:53:52 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-18 00:53
ComboFix2.txt  2013-06-17 00:05
ComboFix3.txt  2013-06-11 03:23
ComboFix4.txt  2013-02-08 05:21
.
Pre-Run: 254,483,173,376 bytes free
Post-Run: 254,176,481,280 bytes free
.
- - End Of File - - A073AA3B2B699EBC1C943DE041BDBF34
5C616939100B85E558DA92B899A0FC36
 
----------------------------------------------------------------------------------------------------

 

And here are the contents of C:\AdwCleaner[R1].txt:
 
# AdwCleaner v2.303 - Logfile created 06/17/2013 at 23:49:59
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tony - TONY-PC
# Boot Mode : Normal
# Running from : C:\Users\Tony\Desktop\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\searchplugins\babylon1.xml
File Found : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\searchplugins\Search_Results.xml
File Found : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\searchplugins\Startsear.xml
Folder Found : C:\Program Files (x86)\adawaretb
Folder Found : C:\Program Files (x86)\continuetosave
Folder Found : C:\Program Files (x86)\Viewpoint
Folder Found : C:\ProgramData\adawaretb
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Tony\AppData\Local\PackageAware
Folder Found : C:\Users\Tony\AppData\LocalLow\adawaretb
Folder Found : C:\Users\Tony\AppData\Roaming\Babylon
Folder Found : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\adawaretb
Folder Found : C:\Users\Tony\AppData\Roaming\NCdownloader
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\a53d7d9e13bed45
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Viewpoint
Key Found : HKLM\SOFTWARE\Wow6432Node\a53d7d9e13bed45
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveVDO plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKU\S-1-5-21-1993072558-3099979866-3506296825-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1993072558-3099979866-3506296825-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\prefs.js
 
Found : user_pref("aol_toolbar.default.homepage.check", false);
Found : user_pref("aol_toolbar.default.search.check", false);
Found : user_pref("browser.search.defaultengine", "Web Search");
Found : user_pref("extensions.51ab515d99e22.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Found : user_pref("extensions.BabylonToolbar.bbDpng", "5");
Found : user_pref("extensions.BabylonToolbar.cntry", "US");
Found : user_pref("extensions.BabylonToolbar.dpkLst", "");
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "A122DCE1BC12FB1221904D56131F767E");
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.223:32:21");
Found : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"59\",\"lastVrsn\":\"59\",\"vrsnLoad\[...]
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("extensions.BabylonToolbar.sg", "azb");
Found : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Found : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.2153] : homepage = "hxxp://search.babylon.com/?affID=110195&tt=0113_1&babsrc=HP_ss&mntrId=ae90e714000000000000f04da2f4b65c",
Found [l.3448] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110195&tt=0113_1&babsrc=HP_ss&mntrId=ae90e714000000000000f04da2f4b65c" ]
 
-\\ Opera v12.15.1748.0
 
File : C:\Users\Tony\AppData\Roaming\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [9002 octets] - [17/06/2013 23:49:59]
 
########## EOF - C:\AdwCleaner[R1].txt - [9062 octets] ##########
 
----------------------------------------------------------------------------------------------------

 

And lastly, about how the computer is running now, definitely a lot better in general.  I'm still having some trouble with Firefox though.  It's no faster and the random pop ups are still there too.   :(

 



#6 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:04:44 PM

Posted 19 June 2013 - 04:34 PM

Hey TKTheKid,

 

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    Firefox::
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\

    FF - ExtSQL: 2013-06-02 10:06; ng0ui@jhwtttg.com; c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\ng0ui@jhwtttg.com

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

 

=====

 

Also, please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

 

=====

 

In your next post please provide the new logs from ComboFix and AdwCleaner. Do the popups persist?
 

 

 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#7 TKTheKid

TKTheKid
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:44 AM

Posted 22 June 2013 - 02:53 PM

I apologize for my late response Dark Knight!
 
Here is ComboFix.txt:
 
ComboFix 13-06-18.02 - Tony 06/19/2013  23:10:40.8.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1791.707 [GMT -4:00]
Running from: c:\users\Tony\Desktop\Tony's Folder\ComboFix.exe
Command switches used :: c:\users\Tony\Desktop\Tony's Folder\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b3ef58a2-77e9-414a-b8f6-b8cbbf497383.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-20 to 2013-06-20  )))))))))))))))))))))))))))))))
.
.
2013-06-20 03:28 . 2013-06-20 03:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-20 03:28 . 2013-06-20 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-19 23:51 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A71E19C7-7F26-449A-9047-AB6E25428A83}\mpengine.dll
2013-06-18 23:47 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-15 07:03 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-15 07:03 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-15 07:03 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-15 07:03 . 2013-06-08 11:41 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-15 07:02 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-15 07:02 . 2013-06-08 14:06 2648064 ----a-w- c:\windows\system32\iertutil.dll
2013-06-15 07:02 . 2013-06-08 14:06 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-15 07:02 . 2013-06-08 14:06 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-06-15 07:02 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll
2013-06-15 00:29 . 2013-05-22 00:13 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41ABAA63-CC9E-4B42-A1F6-72C5DF71024E}\gapaengine.dll
2013-06-12 00:05 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 00:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 00:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 00:05 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 00:05 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-10 23:41 . 2013-06-10 23:47 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-06-10 23:41 . 2013-06-10 23:41 -------- d-----w- c:\users\Tony\AppData\Roaming\LavasoftStatistics
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\Lavasoft
2013-06-10 23:33 . 2013-06-10 23:41 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\blekko toolbars
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\adawaretb
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\users\Tony\AppData\Local\adawarebp
2013-06-10 23:33 . 2013-06-10 23:33 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-06-10 23:32 . 2013-06-10 23:33 -------- d-----w- c:\program files (x86)\adawaretb
2013-06-10 23:32 . 2013-06-10 23:32 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-06-10 23:30 . 2013-06-10 23:30 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-06-10 23:30 . 2013-06-10 23:30 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-10 23:29 . 2013-06-11 02:40 -------- d-----w- c:\users\Tony\AppData\Roaming\Ad-Aware Antivirus
2013-06-02 14:10 . 2013-06-02 14:10 -------- d-----w- c:\users\Tony\AppData\Roaming\NCdownloader
2013-06-02 14:06 . 2013-06-02 14:06 -------- d-----w- c:\programdata\StarApp
2013-06-02 14:06 . 2013-06-02 14:06 -------- d-----w- c:\windows\SysWow64\AMD64
2013-06-02 14:06 . 2013-06-02 14:06 -------- d-----w- c:\program files (x86)\Solibo Ltd
2013-06-02 14:06 . 2013-06-11 01:24 -------- d-----w- c:\program files (x86)\ContinueToSave
2013-05-22 00:34 . 2013-05-22 00:34 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-05-22 00:33 . 2013-05-24 19:58 -------- d-----w- c:\program files\My Dell
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 06:16 . 2011-11-25 19:06 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 01:15 . 2012-08-08 23:25 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 01:15 . 2011-11-02 17:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-22 00:13 . 2012-12-31 13:10 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 22:15 . 2012-07-29 17:25 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-14 18:20 . 2013-04-14 18:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-14 18:20 . 2012-08-18 20:44 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-14 18:20 . 2011-11-02 17:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-14 22:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 22:23 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 22:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 22:23 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 22:23 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 22:23 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 02:42 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 22:23 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 22:23 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 22:22 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2011-11-25 01:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 06:16 . 2013-04-02 06:16 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 06:16 . 2013-04-02 06:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 06:16 . 2013-04-02 06:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 06:16 . 2013-04-02 06:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 06:16 . 2013-04-02 06:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 06:16 . 2013-04-02 06:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 06:16 . 2013-04-02 06:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 06:16 . 2013-04-02 06:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 06:16 . 2013-04-02 06:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 06:16 . 2013-04-02 06:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 06:16 . 2013-04-02 06:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 06:16 . 2013-04-02 06:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 06:16 . 2013-04-02 06:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 06:16 . 2013-04-02 06:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 06:16 . 2013-04-02 06:16 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 06:16 . 2013-04-02 06:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 06:16 . 2013-04-02 06:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 06:16 . 2013-04-02 06:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 06:16 . 2013-04-02 06:16 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 06:16 . 2013-04-02 06:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 06:16 . 2013-04-02 06:16 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 06:16 . 2013-04-02 06:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 06:16 . 2013-04-02 06:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 06:16 . 2013-04-02 06:16 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 06:16 . 2013-04-02 06:16 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 06:16 . 2013-04-02 06:16 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 06:16 . 2013-04-02 06:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 06:16 . 2013-04-02 06:16 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 06:16 . 2013-04-02 06:16 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 06:16 . 2013-04-02 06:16 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 06:16 . 2013-04-02 06:16 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 06:16 . 2013-04-02 06:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 06:16 . 2013-04-02 06:16 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 06:16 . 2013-04-02 06:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 06:16 . 2013-04-02 06:16 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-02 06:16 . 2013-04-02 06:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 06:16 . 2013-04-02 06:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 06:16 . 2013-04-02 06:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 06:16 . 2013-04-02 06:16 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 06:16 . 2013-04-02 06:16 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 06:16 . 2013-04-02 06:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 06:16 . 2013-04-02 06:16 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 06:16 . 2013-04-02 06:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 06:16 . 2013-04-02 06:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 06:16 . 2013-04-02 06:16 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 06:16 . 2013-04-02 06:16 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 06:16 . 2013-04-02 06:16 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 06:16 . 2013-04-02 06:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 06:16 . 2013-04-02 06:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Google Chrome.lnk - c:\users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe [2012-8-26 825808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
2;2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
R2 0011921345317134mcinstcleanup;McAfee Application Installer Cleanup (0011921345317134);c:\users\Tony\AppData\Local\Temp\001192~1.EXE;c:\users\Tony\AppData\Local\Temp\001192~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 01:15]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993072558-3099979866-3506296825-1001Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 22:07]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993072558-3099979866-3506296825-1001UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://logmein.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://google.com/search?btnI=1&q=
FF - ExtSQL: 2013-06-02 10:06; ng0ui@jhwtttg.com; c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\ng0ui@jhwtttg.com
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-LiveVDO plugin - c:\program files (x86)\StartSearch plugin\uninst.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\cuontinuietosaave\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{28387537-E3F9-4ED7-860C-11E69AF4A8A0}"=hex:51,66,7a,6c,4c,1d,38,12,59,76,2b,
   2c,cb,ad,b9,0b,f9,1a,52,a6,9f,aa,ec,b4
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
   79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:5b,f8,fb,94,d8,74,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2013-06-19  23:36:48 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-20 03:36
ComboFix2.txt  2013-06-18 00:54
ComboFix3.txt  2013-06-17 00:05
ComboFix4.txt  2013-06-11 03:23
ComboFix5.txt  2013-06-20 03:08
.
Pre-Run: 255,415,291,904 bytes free
Post-Run: 254,986,936,320 bytes free
.
- - End Of File - - 102B2251F56E91F3F43CC1122E874364
5C616939100B85E558DA92B899A0FC36
 
----------------------------------------------------------------------------------------------------
 
Here is AdwCleaner[S1].txt:
 
# AdwCleaner v2.303 - Logfile created 06/19/2013 at 23:40:18
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tony - TONY-PC
# Boot Mode : Normal
# Running from : C:\Users\Tony\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\searchplugins\babylon1.xml
File Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\searchplugins\Startsear.xml
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\continuetosave
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\adawaretb
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Tony\AppData\Local\PackageAware
Folder Deleted : C:\Users\Tony\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Tony\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\adawaretb
Folder Deleted : C:\Users\Tony\AppData\Roaming\NCdownloader
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\a53d7d9e13bed45
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\a53d7d9e13bed45
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveVDO plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\prefs.js
 
C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\user.js ... Deleted !
 
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("extensions.51ab515d99e22.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "5");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dpkLst", "");
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "A122DCE1BC12FB1221904D56131F767E");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.223:32:21");
Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"59\",\"lastVrsn\":\"59\",\"vrsnLoad\[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.2157] : homepage = "hxxp://search.babylon.com/?affID=110195&tt=0113_1&babsrc=HP_ss&mntrId=ae90e714000000[...]
Deleted [l.3474] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110195&tt=0113_1&babsrc=HP_s[...]
 
-\\ Opera v12.15.1748.0
 
File : C:\Users\Tony\AppData\Roaming\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [9121 octets] - [17/06/2013 23:49:59]
AdwCleaner[S1].txt - [9005 octets] - [19/06/2013 23:40:18]
 
########## EOF - C:\AdwCleaner[S1].txt - [9065 octets] ##########
 
----------------------------------------------------------------------------------------------------
 
And I'm sad to say that Firefox is still an issue.  It doesn't seem like the last scan did much in that regard.
 
Tony


#8 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:04:44 PM

Posted 22 June 2013 - 05:51 PM

Hello TKTheKid,

 

Now please run this tool.

 

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#9 TKTheKid

TKTheKid
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:01:44 AM

Posted 23 June 2013 - 09:16 PM

Okay, here we go!
 
Here is OTL.txt:
 
OTL logfile created on: 6/23/2013 1:39:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tony\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 62.05% Memory free
3.50 Gb Paging File | 2.38 Gb Available in Paging File | 68.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 236.87 Gb Free Space | 52.53% Space Free | Partition Type: NTFS
 
Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/23 13:37:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2011/07/08 11:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/07/08 11:11:44 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/07/08 11:10:34 | 004,257,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/07/08 11:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/15 11:57:25 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/15 10:23:23 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/15 10:22:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/15 10:22:08 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/15 10:21:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/15 10:20:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/01/09 20:19:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 20:16:51 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 20:16:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 20:16:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 20:15:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/07/08 11:12:32 | 002,749,248 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (MSK80Service)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McProxy)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNASvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNaiAnn)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcmscsvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/11 21:15:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/18 11:38:22 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2011/11/02 13:36:10 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/07/08 11:09:50 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/10 19:30:02 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/05/03 02:18:52 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/02 15:01:28 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/02 15:01:28 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/01 02:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/06 08:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 14:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CFE66FC0-018E-4E5D-8867-7947AB6B441C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://logmein.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=13414f0f-35b4-11e1-8f1b-00038a000015&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1007
FF - prefs.js..extensions.enabledAddons: udahxagemm%40udahxagemm.org:0.5.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://google.com/search?btnI=1&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/10 19:33:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/19 23:40:28 | 000,000,000 | ---D | M]
 
[2012/01/05 22:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions
[2013/06/12 02:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions
[2013/01/30 19:10:15 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\LogMeInClient@logmein.com
[2013/06/02 10:06:40 | 000,000,000 | ---D | M] (cuontinuietosaave) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\ng0ui@jhwtttg.com
[1623/04/20 01:34:37 | 000,005,249 | ---- | M] () (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\udahxagemm@udahxagemm.org.xpi
[2013/05/18 11:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/18 11:38:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google - I'm Feeling Lucky (Enabled)
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tony\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
 
O1 HOSTS File: ([2013/06/19 23:30:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3968CE3D-1B74-4334-8F60-0E7DAABA9780}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/23 13:36:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
[2013/06/19 23:36:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/19 23:30:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/06/15 03:02:54 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/15 03:02:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/12 02:15:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 02:15:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 02:15:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 02:15:20 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 02:15:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 02:15:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 02:15:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 02:15:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 02:15:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 02:15:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 02:15:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 02:15:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/12 02:15:17 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 01:19:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/06/11 20:05:24 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/11 20:05:24 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/11 20:05:17 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/11 20:05:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/11 20:04:58 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/11 20:04:54 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/11 20:04:54 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/11 20:04:51 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/11 20:04:51 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/11 20:04:50 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/11 20:04:50 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/11 20:04:30 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/11 20:04:29 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/10 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/06/10 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\LavasoftStatistics
[2013/06/10 19:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/06/10 19:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/06/10 19:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/06/10 19:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/06/10 19:33:15 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\adawarebp
[2013/06/10 19:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/06/10 19:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/06/10 19:30:03 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/06/10 19:30:03 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/06/10 19:29:58 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Ad-Aware Antivirus
[2013/06/05 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Tony\Desktop\nike
[2013/06/05 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Tony\Desktop\CHROME
[2013/06/02 10:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/06/02 10:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solibo Ltd
[2013/06/02 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solibo Ltd
[2013/06/02 10:06:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AMD64
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/23 13:37:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
[2013/06/23 13:33:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1993072558-3099979866-3506296825-1001UA.job
[2013/06/23 13:15:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/23 13:07:54 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 13:07:54 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 13:00:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/23 13:00:10 | 1408,479,232 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/22 18:33:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1993072558-3099979866-3506296825-1001Core.job
[2013/06/22 16:42:11 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/22 16:42:11 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/22 16:42:11 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/19 23:30:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/17 23:49:20 | 000,648,201 | ---- | M] () -- C:\Users\Tony\Desktop\adwcleaner.exe
[2013/06/17 01:12:17 | 000,772,384 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/12 02:18:36 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013/06/11 21:15:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/11 21:15:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/10 21:23:59 | 000,000,438 | ---- | M] () -- C:\Windows\SysWow64\WSCConfig.xml
[2013/06/10 19:30:02 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/06/10 19:30:02 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/07 00:49:22 | 246,230,113 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013/06/17 23:49:07 | 000,648,201 | ---- | C] () -- C:\Users\Tony\Desktop\adwcleaner.exe
[2013/06/12 02:18:36 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2013/06/10 21:23:59 | 000,000,438 | ---- | C] () -- C:\Windows\SysWow64\WSCConfig.xml
[2013/02/08 00:43:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/08 00:43:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/08 00:43:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/08 00:43:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/08 00:43:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2012/02/06 21:51:24 | 000,007,605 | ---- | C] () -- C:\Users\Tony\AppData\Local\Resmon.ResmonCfg
[2011/11/25 10:45:12 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/11/25 01:58:35 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/11/02 15:07:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2013/02/08 01:10:48 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0061fc47-3411-b13e-500b-5f585284f979}\L
[2013/02/08 00:39:12 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0061fc47-3411-b13e-500b-5f585284f979}\U
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0061fc47-3411-b13e-500b-5f585284f979}\L
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0061fc47-3411-b13e-500b-5f585284f979}\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/06/17 23:50:16 | 000,009,121 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/06/19 23:40:58 | 000,009,124 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/06/19 23:36:49 | 000,026,303 | ---- | M] () -- C:\ComboFix.txt
[2011/11/02 15:03:29 | 000,031,420 | RH-- | M] () -- C:\dell.sdr
[2013/06/23 13:00:10 | 1408,479,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 14:59:35 | 000,062,427 | ---- | M] () -- C:\install.log
[2012/08/14 01:38:27 | 000,002,560 | ---- | M] () -- C:\log.txt
[2013/06/23 13:00:13 | 1877,975,040 | -HS- | M] () -- C:\pagefile.sys
[2013/06/11 20:09:51 | 000,000,894 | ---- | M] () -- C:\rkill.log
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
 
--------------------------------------------------
--------------------------------------------------
--------------------------------------------------
 
And here is Extras.txt:
 
OTL Extras logfile created on: 6/23/2013 1:39:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tony\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 62.05% Memory free
3.50 Gb Paging File | 2.38 Gb Available in Paging File | 68.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.91 Gb Total Space | 236.87 Gb Free Space | 52.53% Space Free | Partition Type: NTFS
 
Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{39156760-E4D9-4157-96CA-777CD210794C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{91233797-0BAF-4433-9251-B4C3AC70940C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{5A7A26BD-4637-4BF0-89A3-DD777357FBAB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{EFF12A22-0942-4BC1-8B89-CD6E5C4D31F6}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{5A935BB2-8DDF-4E08-84A8-C9DC6E7C86E5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{8A6BE3F3-8D78-492A-BB4C-7229E3D5E02C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BD}" = Python 2.5.4 (64 bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.AccessR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.AccessR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.AccessR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.AccessR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.AccessR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.AccessR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.AccessR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.AccessR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.AccessR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.AccessR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0015-0000-1000-0000000FF1CE}" = Microsoft Office Access 2010
"{91140000-0015-0000-1000-0000000FF1CE}_Office14.AccessR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.AccessR" = Microsoft Access 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PC-Doctor for Windows" = My Dell
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}" = TrustedID IDMonitor Identity Protection
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F44DC3F-6E62-4961-A14B-95323C512F9B}_is1" = NCDownloader
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}" = Python 3.2.2
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C1C6816E-CBB3-A748-85F9-A8B47B68985B}" = cuontinuietosaave
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Audacity_is1" = Audacity 2.0
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.15.1748" = Opera 12.15
"Revo Uninstaller" = Revo Uninstaller 1.94
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/17/2013 8:41:35 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/17/2013 11:49:47 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/18/2013 7:38:03 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/19/2013 7:41:25 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/19/2013 11:31:55 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/19/2013 11:39:43 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/19/2013 11:44:47 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/20/2013 8:18:14 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/22/2013 2:48:58 AM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/23/2013 1:02:03 PM | Computer Name = Tony-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Dell Events ]
Error - 11/25/2011 11:07:55 AM | Computer Name = Tony-PC | Source = DataSafe | ID = 3
Description = The process was interrupted before completion.
 
[ System Events ]
Error - 6/22/2013 2:49:35 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the following error:
   %%2
 
Error - 6/22/2013 2:49:35 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee VirusScan Announcer service failed to start due to the 
following error:   %%2
 
Error - 6/22/2013 2:49:35 AM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Network Agent service depends the following service: MfeFire.
 This service might not be installed.
 
Error - 6/23/2013 2:41:32 AM | Computer Name = Tony-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 6/23/2013 1:00:27 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
 service: MfeFire. This service might not be installed.
 
Error - 6/23/2013 1:00:27 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Proxy Service service depends the following service: MfeFire.
 This service might not be installed.
 
Error - 6/23/2013 1:00:27 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Anti-Spam Service service depends the following service:
 MfeFire. This service might not be installed.
 
Error - 6/23/2013 1:02:41 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the following error:
   %%2
 
Error - 6/23/2013 1:02:41 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee VirusScan Announcer service failed to start due to the 
following error:   %%2
 
Error - 6/23/2013 1:02:41 PM | Computer Name = Tony-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Network Agent service depends the following service: MfeFire.
 This service might not be installed.
 
 
< End of report >


#10 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:04:44 PM

Posted 24 June 2013 - 06:45 AM

Good evening TKTheKid,

 

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL

    IE - HKCU\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=13414f0f-35b4-11e1-8f1b-00038a000015&q={searchTerms}

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.search.selectedEngine,S: S", ""

    FF - prefs.js..extensions.enabledAddons: udahxagemm%40udahxagemm.org:0.5.1.1

    [2013/06/02 10:06:40 | 000,000,000 | ---D | M] (cuontinuietosaave) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\ng0ui@jhwtttg.com
    [1623/04/20 01:34:37 | 000,005,249 | ---- | M] () (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\kjiek4va.default\extensions\udahxagemm@udahxagemm.org.xpi
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)

    [2013/02/08 01:10:48 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0061fc47-3411-b13e-500b-5f585284f979}\L
    [2013/02/08 00:39:12 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0061fc47-3411-b13e-500b-5f585284f979}\U
    [2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0061fc47-3411-b13e-500b-5f585284f979}\L
    [2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{0061fc47-3411-b13e-500b-5f585284f979}\U

    [2013/02/08 01:10:48 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0061fc47-3411-b13e-500b-5f585284f979}\

    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

=====

 

How is your computer running now?
 

 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users