
Infected with Win32/Sirfef!cfg Trojan... need help removing it.


  • This topic is locked
19 replies to this topic

#1 amyhannay

amyhannay

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:53 AM

Posted 24 July 2013 - 02:48 PM

Need some assistance in getting this Trojan removed. Thank you in advance! :)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 1.6.0_38
Run by Amy at 14:39:55 on 2013-07-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2357 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Amy\AppData\Local\sswat_hwrc_win_live\mattelhwrc_launcher.exe
C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Users\Amy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Mattel HWRC Launcher] C:\Users\Amy\AppData\Local\sswat_hwrc_win_live\mattelhwrc_launcher.exe
uRun: [BIBLauncher] C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe
uRun: [Akamai NetSession Interface] "C:\Users\Amy\AppData\Local\Akamai\netsession_win.exe"
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Google Update] "C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Amy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5CD5CC2B-960F-4E87-B2FA-A1998EEF73A4} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\x3r8zyb1.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Amy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Amy\AppData\Local\Roblox\Versions\version-27973050fb3b494f\NPRobloxProxy.dll
FF - plugin: C:\Users\Amy\AppData\Local\sswat_hwrc_win_live\npHotWheelsLoader.dll
FF - plugin: C:\Users\Amy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-15 12:20; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\x3r8zyb1.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-15 55856]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-21 202752]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2011-4-21 203392]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 406632]
R3 Spyder3;Datacolor Spyder3;C:\Windows\System32\drivers\Spyder3.sys [2008-3-19 15360]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-4-21 38456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-4-21 1349232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-4-21 234040]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-6 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-4-21 702976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-24 05:44:18    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{616E69E4-0F0C-47EE-8108-E41AB21C9901}\offreg.dll
2013-07-24 05:41:01    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{616E69E4-0F0C-47EE-8108-E41AB21C9901}\mpengine.dll
2013-07-23 21:56:17    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-23 14:09:48    --------    d-----w-    C:\Users\Amy\AppData\Local\{D354A429-E2CB-489F-B031-F2B8879746DD}
2013-07-17 12:19:45    941720    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD420D0A-D747-48F3-A083-6FCDB98AE5BB}\gapaengine.dll
2013-07-10 14:26:35    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-26 14:22:04    92056    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-06-26 14:22:04    26520    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-06-26 14:22:04    170232    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-06-26 14:22:02    263576    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
==================== Find3M  ====================
.
2013-07-22 16:23:09    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-22 16:23:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 19:12:05    9089416    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 08:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
.
============= FINISH: 14:41:31.41 ===============

#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:07:53 AM

Posted 24 July 2013 - 07:11 PM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive, please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that.... Let's get going!!
----------
 
Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------
 
AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



#3 amyhannay

amyhannay
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:53 AM

Posted 25 July 2013 - 08:39 AM

aswMBR Log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-25 08:36:11
-----------------------------
08:36:11.425    OS Version: Windows x64 6.1.7601 Service Pack 1
08:36:11.425    Number of processors: 2 586 0x603
08:36:11.425    ComputerName: AMY-PC  UserName: Amy
08:36:14.745    Initialize success
08:36:39.859    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:36:39.859    Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
08:36:39.969    Disk 0 MBR read successfully
08:36:39.969    Disk 0 MBR scan
08:36:39.979    Disk 0 unknown MBR code
08:36:39.989    Disk 0 Partition 1 00     1B   Hidd FAT32 NTFS        10024 MB offset 2048
08:36:39.999    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       943842 MB offset 20531200
08:36:40.029    Disk 0 scanning C:\Windows\system32\drivers
08:36:45.720    Service scanning
08:36:57.263    Modules scanning
08:36:57.273    Disk 0 trace - called modules:
08:36:57.293    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
08:36:57.303    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045a5060]
08:36:57.313    3 CLASSPNP.SYS[fffff8800189d43f] -> nt!IofCallDriver -> [0xfffffa8004594520]
08:36:57.655    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004590680]
08:36:57.665    Scan finished successfully
08:38:08.922    Disk 0 MBR has been saved successfully to "C:\Users\Amy\Desktop\MBR.dat"
08:38:08.992    The log file has been saved successfully to "C:\Users\Amy\Desktop\aswMBR.txt"

 



#4 amyhannay

amyhannay
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:53 AM

Posted 25 July 2013 - 08:41 AM

ADW Cleaner Log:

# AdwCleaner v2.306 - Logfile created 07/25/2013 at 08:42:55
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Amy - AMY-PC
# Boot Mode : Normal
# Running from : C:\Users\Amy\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\x3r8zyb1.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Users\Amy\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Amy\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Amy\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Amy\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\x3r8zyb1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.52] : search_url = "hxxp://lf.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_[...]
Deleted [l.1525] : homepage = "hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code[...]
Deleted [l.1774] : urls_to_restore_on_startup = [ "hxxp://lf.startnow.com/?src=startpage&provider=bing&provider_[...]

*************************

AdwCleaner[R1].txt - [6295 octets] - [25/07/2013 08:40:19]
AdwCleaner[S1].txt - [5349 octets] - [25/07/2013 08:42:55]

########## EOF - C:\AdwCleaner[S1].txt - [5409 octets] ##########
 


Edited by amyhannay, 25 July 2013 - 08:47 AM.


#5 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:07:53 AM

Posted 25 July 2013 - 11:10 AM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.  
  • Please post the C:\ComboFix.txt for further review.




    #6 amyhannay

    amyhannay
    • Topic Starter

    • Members
    • 19 posts
    • OFFLINE
    • Local time:07:53 AM

    Posted 25 July 2013 - 02:15 PM

    ComboFix 13-07-25.02 - Amy 07/25/2013  12:40:55.2.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2656 [GMT -5:00]
    Running from: c:\users\Amy\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\wininit.ini
    G:\Autorun.inf
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))
    .
    .
    2013-07-25 17:54 . 2013-07-25 17:54    --------    d-----w-    c:\users\Public\AppData\Local\temp
    2013-07-25 17:54 . 2013-07-25 17:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-07-25 13:40 . 2013-07-25 13:40    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26CA9FB1-B777-432F-97D9-37F934591D27}\offreg.dll
    2013-07-24 21:56 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26CA9FB1-B777-432F-97D9-37F934591D27}\mpengine.dll
    2013-07-24 05:41 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-07-17 12:19 . 2013-07-17 12:19    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD420D0A-D747-48F3-A083-6FCDB98AE5BB}\gapaengine.dll
    2013-07-10 14:26 . 2013-07-10 14:26    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-22 16:23 . 2012-05-29 12:21    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-07-22 16:23 . 2011-07-08 14:57    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-07-11 08:10 . 2011-07-08 19:14    78185248    ----a-w-    c:\windows\system32\MRT.exe
    2013-06-23 13:58 . 2011-08-11 17:11    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-06-12 19:12 . 2013-06-12 19:12    9089416    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-06-07 08:03 . 2013-06-07 08:03    226304    ----a-w-    c:\windows\system32\elshyph.dll
    2013-06-07 08:03 . 2013-06-07 08:03    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
    2013-06-07 08:03 . 2013-06-07 08:03    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
    2013-06-07 08:03 . 2013-06-07 08:03    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
    2013-06-07 08:03 . 2013-06-07 08:03    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
    2013-06-07 08:03 . 2013-06-07 08:03    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
    2013-06-07 08:03 . 2013-06-07 08:03    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
    2013-06-07 08:03 . 2013-06-07 08:03    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
    2013-06-07 08:03 . 2013-06-07 08:03    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
    2013-06-07 08:03 . 2013-06-07 08:03    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
    2013-06-07 08:03 . 2013-06-07 08:03    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
    2013-06-07 08:03 . 2013-06-07 08:03    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-06-07 08:03 . 2013-06-07 08:03    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
    2013-06-07 08:03 . 2013-06-07 08:03    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
    2013-06-07 08:03 . 2013-06-07 08:03    361984    ----a-w-    c:\windows\SysWow64\html.iec
    2013-06-07 08:03 . 2013-06-07 08:03    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
    2013-06-07 08:03 . 2013-06-07 08:03    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
    2013-06-07 08:03 . 2013-06-07 08:03    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
    2013-06-07 08:03 . 2013-06-07 08:03    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
    2013-06-07 08:03 . 2013-06-07 08:03    81408    ----a-w-    c:\windows\system32\icardie.dll
    2013-06-07 08:03 . 2013-06-07 08:03    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
    2013-06-07 08:03 . 2013-06-07 08:03    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
    2013-06-07 08:03 . 2013-06-07 08:03    441856    ----a-w-    c:\windows\system32\html.iec
    2013-06-07 08:03 . 2013-06-07 08:03    281600    ----a-w-    c:\windows\system32\dxtrans.dll
    2013-06-07 08:03 . 2013-06-07 08:03    27648    ----a-w-    c:\windows\system32\licmgr10.dll
    2013-06-07 08:03 . 2013-06-07 08:03    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
    2013-06-07 08:03 . 2013-06-07 08:03    247296    ----a-w-    c:\windows\system32\webcheck.dll
    2013-06-07 08:03 . 2013-06-07 08:03    235008    ----a-w-    c:\windows\system32\url.dll
    2013-06-07 08:03 . 2013-06-07 08:03    216064    ----a-w-    c:\windows\system32\msls31.dll
    2013-06-07 08:03 . 2013-06-07 08:03    197120    ----a-w-    c:\windows\system32\msrating.dll
    2013-06-07 08:03 . 2013-06-07 08:03    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
    2013-06-07 08:03 . 2013-06-07 08:03    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
    2013-06-07 08:03 . 2013-06-07 08:03    97280    ----a-w-    c:\windows\system32\mshtmled.dll
    2013-06-07 08:03 . 2013-06-07 08:03    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2013-06-07 08:03 . 2013-06-07 08:03    62976    ----a-w-    c:\windows\system32\pngfilt.dll
    2013-06-07 08:03 . 2013-06-07 08:03    599552    ----a-w-    c:\windows\system32\vbscript.dll
    2013-06-07 08:03 . 2013-06-07 08:03    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
    2013-06-07 08:03 . 2013-06-07 08:03    51200    ----a-w-    c:\windows\system32\imgutil.dll
    2013-06-07 08:03 . 2013-06-07 08:03    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
    2013-06-07 08:03 . 2013-06-07 08:03    167424    ----a-w-    c:\windows\system32\iexpress.exe
    2013-06-07 08:03 . 2013-06-07 08:03    149504    ----a-w-    c:\windows\system32\occache.dll
    2013-06-07 08:03 . 2013-06-07 08:03    144896    ----a-w-    c:\windows\system32\wextract.exe
    2013-06-07 08:03 . 2013-06-07 08:03    13824    ----a-w-    c:\windows\system32\mshta.exe
    2013-06-07 08:03 . 2013-06-07 08:03    136192    ----a-w-    c:\windows\system32\iepeers.dll
    2013-06-07 08:03 . 2013-06-07 08:03    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
    2013-06-07 08:03 . 2013-06-07 08:03    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
    2013-06-07 08:03 . 2013-06-07 08:03    102912    ----a-w-    c:\windows\system32\inseng.dll
    2013-06-07 08:03 . 2013-06-07 08:03    77312    ----a-w-    c:\windows\system32\tdc.ocx
    2013-06-07 08:03 . 2013-06-07 08:03    48640    ----a-w-    c:\windows\system32\mshtmler.dll
    2013-05-23 14:32 . 2012-07-28 03:42    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-13 05:51 . 2013-06-12 12:09    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
    2013-05-13 05:51 . 2013-06-12 12:09    1464320    ----a-w-    c:\windows\system32\crypt32.dll
    2013-05-13 05:51 . 2013-06-12 12:09    139776    ----a-w-    c:\windows\system32\cryptnet.dll
    2013-05-13 05:50 . 2013-06-12 12:09    52224    ----a-w-    c:\windows\system32\certenc.dll
    2013-05-13 04:45 . 2013-06-12 12:09    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
    2013-05-13 04:45 . 2013-06-12 12:09    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45 . 2013-06-12 12:09    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
    2013-05-13 03:43 . 2013-06-12 12:09    1192448    ----a-w-    c:\windows\system32\certutil.exe
    2013-05-13 03:08 . 2013-06-12 12:09    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
    2013-05-13 03:08 . 2013-06-12 12:09    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
    2013-05-10 05:49 . 2013-06-12 12:09    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
    2013-05-10 03:20 . 2013-06-12 12:09    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39 . 2013-06-12 12:09    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
    2013-05-01 08:59 . 2013-05-01 08:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 08:59 . 2013-05-01 08:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mattel HWRC Launcher"="c:\users\Amy\AppData\Local\sswat_hwrc_win_live\mattelhwrc_launcher.exe" [2011-08-18 201976]
    "BIBLauncher"="c:\program files (x86)\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
    "Akamai NetSession Interface"="c:\users\Amy\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
    "CAHeadless"="c:\program files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-15 835224]
    "PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe" [2011-09-15 1954456]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
    "RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-07-08 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
    "mxomssmenu"="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 295304]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    .
    c:\users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Amy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-21 548528]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2008-3-19 6333954]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
    R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys;c:\windows\SYSNATIVE\drivers\ahcix64s.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys;c:\windows\SYSNATIVE\DRIVERS\Spyder3.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
    Akamai    REG_MULTI_SZ       Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 16:23]
    .
    2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715373166-2212892305-1478463620-1001Core.job
    - c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 15:11]
    .
    2013-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715373166-2212892305-1478463620-1001UA.job
    - c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 15:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\x3r8zyb1.default\
    FF - ExtSQL: 2013-07-15 12:20; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\x3r8zyb1.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-ROES.whcc - c:\windows\system32\javaws.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-07-25  13:10:27
    ComboFix-quarantined-files.txt  2013-07-25 18:10
    .
    Pre-Run: 810,101,809,152 bytes free
    Post-Run: 821,289,701,376 bytes free
    .
    - - End Of File - - E997C0C3D85F9D79F3DB8273AE6FAB33
    4976D4A7A40B83FC7F06EE4BDD84EB9B
     



    #7 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • OFFLINE
    • Gender:Male
    • Location:USA
    • Local time:07:53 AM

    Posted 25 July 2013 - 09:09 PM

    Ok....how is your system running?  :)




    #8 amyhannay

    amyhannay
    • Topic Starter

    • Members
    • 19 posts
    • OFFLINE
    • Local time:07:53 AM

    Posted 26 July 2013 - 09:13 AM

    Seems to be fine!  Am I good to go?



    #9 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • OFFLINE
    • Gender:Male
    • Location:USA
    • Local time:07:53 AM

    Posted 26 July 2013 - 01:09 PM

    Great!  Let's get some updates and also check for anything else hiding...
     
    Java
     
    Please go to Start > Control Panel > Programs and Features and uninstall all the Java programs you see, then download the latest Java from the following link and install it:
     
    http://java.com/en/download/index.jsp
    ----------
     
    See this page for instructions on how to clear java's cache.
     
    Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked

    Downloaded Applets
    Downloaded Applications
    Installed Applications and Applets

    • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Java Control Panel.

    ----------
     
    Malwarebytes
     
    Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
    ----------
     
    ESET Online Scanner
     
    Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut and select Run as Administrator.

    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.

    ----------




    #10 amyhannay

    amyhannay
    • Topic Starter

    • Members
    • 19 posts
    • OFFLINE
    • Local time:07:53 AM

    Posted 26 July 2013 - 01:29 PM

    Malware Log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.07.26.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16635
    Amy :: AMY-PC [administrator]

    7/26/2013 1:24:15 PM
    mbam-log-2013-07-26 (13-24-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223953
    Time elapsed: 4 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     



    #11 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, Location: USA)

    Posted 26 July 2013 - 02:08 PM

    Malwarebytes looks good. When you get the ESET results, post those as well.  :)




    #12 amyhannay (Topic Starter, Members, 19 posts)

    Posted 26 July 2013 - 04:36 PM

    Long scan...  results... not so good?  :unsure:

     

    C:\Program Files\QuickMediaConverter\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
    C:\Program Files\QuickMediaConverter\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application
    C:\Users\Amy\Downloads\ADLSoft_UnCompressor_v2_3.exe    a variant of Win32/InstallCore.AG application
    C:\Users\Amy\Downloads\cbsidlm-cbsi4_1_3-PhotoScape-10703122.exe    a variant of Win32/CNETInstaller.A application
    C:\Users\Amy\Downloads\cnet2_Install-Hd-4-5-0-2_zip.exe    a variant of Win32/InstallCore.D application
    C:\Users\Amy\Downloads\cnet_ExcelCalendar_zip.exe    a variant of Win32/InstallCore.D application
    C:\Users\Amy\Downloads\DoubleClick-Ad-Planner_Allmyapps.exe    Win32/OpenCandy application
    C:\Users\Amy\Downloads\iLividSetupV1.exe    Win32/Toolbar.SearchSuite application
    C:\Users\Amy\Downloads\Install-Hd-4-5-0-2.zip    a variant of Win32/Bundled.Toolbar.Ask application
    C:\Users\Amy\Downloads\PFPortChecker.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
    C:\Users\Amy\Downloads\Portforward-Setup-Static-IP-Address.exe    a variant of Win32/Bundled.Toolbar.Ask application
    C:\Users\Amy\Downloads\setup.exe    a variant of Win32/AirAdInstaller.A application
    C:\Users\Amy\Downloads\U_0113_01_P.msi    a variant of Win32/Bundled.Toolbar.Ask application
    C:\Windows\Installer\aab75f6.msi    a variant of Win32/Bundled.Toolbar.Ask application
     



    #13 jeffce (Bleepin' Super Saiyan, Malware Response Team, 3,442 posts, Location: USA)

    Posted 26 July 2013 - 08:42 PM

    Hi,
     
    I have certainly seen worse.   :thumbsup2: 
     
    ComboFix

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      ClearJavaCache::

      File::
      C:\Program Files\QuickMediaConverter\ApnIC.dll
      C:\Program Files\QuickMediaConverter\ApnToolbarInstaller.exe
      C:\Users\Amy\Downloads\ADLSoft_UnCompressor_v2_3.exe
      C:\Users\Amy\Downloads\cbsidlm-cbsi4_1_3-PhotoScape-10703122.exe
      C:\Users\Amy\Downloads\cnet2_Install-Hd-4-5-0-2_zip.exe
      C:\Users\Amy\Downloads\cnet_ExcelCalendar_zip.exe
      C:\Users\Amy\Downloads\DoubleClick-Ad-Planner_Allmyapps.exe
      C:\Users\Amy\Downloads\iLividSetupV1.exe
      C:\Users\Amy\Downloads\Install-Hd-4-5-0-2.zip
      C:\Users\Amy\Downloads\PFPortChecker.exe
      C:\Users\Amy\Downloads\Portforward-Setup-Static-IP-Address.exe
      C:\Users\Amy\Downloads\setup.exe
      C:\Users\Amy\Downloads\U_0113_01_P.msi
      C:\Windows\Installer\aab75f6.msi

    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
       
      [screenshot: CFScriptB-4.gif, CFScript.txt being dragged onto ComboFix.exe]
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
     
    Post the new ComboFix log and let me know what remaining malware problems you are having.   :)




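    As an added example (not part of this thread, and not ESET's or ComboFix's own code), the Python below does the two mechanical parts of the step above: it builds the File:: block of a CFScript from an ESET "List of found threats" export in the format shown in post #12, and afterwards cross-checks a ComboFix log's "Other Deletions" section, the format posted in the next reply, to confirm that every scripted path was actually reported as removed. Both sample inputs are constructed for the example; the two line formats are assumptions drawn from the logs in this thread, and the case-insensitive comparison is there because ComboFix rewrites drive letters and some folders in lower case.

```python
"""Turn an ESET online-scanner result list into a ComboFix CFScript and check
the ComboFix log afterwards. Added example, not code from the thread, ESET or
ComboFix; both input formats are assumed from the logs posted in the thread."""
import re

# Constructed sample in the format ESET's "Export to text file..." produces:
# <path><two or more spaces><detection name>
ESET_RESULTS = r"""
C:\Program Files\QuickMediaConverter\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Amy\Downloads\setup.exe    a variant of Win32/AirAdInstaller.A application
C:\Windows\Installer\aab75f6.msi    a variant of Win32/Bundled.Toolbar.Ask application
"""

# Constructed sample of ComboFix's "Other Deletions" block. ComboFix rewrites
# the drive letter and some folders in lower case, and it may delete things
# the script never asked for (here G:\Autorun.inf), so the comparison below
# is case-insensitive and reports both directions.
COMBOFIX_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\QuickMediaConverter\ApnIC.dll
c:\windows\Installer\aab75f6.msi
G:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-27 to 2013-07-27  )))))))))))))))))))))))))))))))
"""

# The path must start with a drive letter; the detection text begins after the
# first run of two or more spaces, so a single space inside a path is safe.
ESET_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s{2,}(?P<detection>\S.*)$")


def parse_eset_results(text):
    """Return a list of (path, detection) tuples from the ESET export."""
    hits = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("detection")))
    return hits


def build_cfscript(paths, clear_java_cache=True):
    """Render the CFScript text: each directive on its own line, one path per
    line under File::, a blank line between sections, no trailing spaces."""
    sections = []
    if clear_java_cache:
        sections.append("ClearJavaCache::")
    sections.append("File::\n" + "\n".join(p.strip() for p in paths))
    return "\n\n".join(sections) + "\n"


def other_deletions(log_text):
    """Collect the paths listed between the 'Other Deletions' banner and the
    next '(((' banner in a ComboFix log."""
    deleted, inside = [], False
    for line in log_text.splitlines():
        if "Other Deletions" in line:
            inside = True
            continue
        if inside and line.startswith("((("):
            break
        if inside and line.strip() not in ("", "."):
            deleted.append(line.strip())
    return deleted


def verify_deletions(scripted, log_text):
    """Return (missing, extra): scripted paths ComboFix did not report deleting,
    and deleted paths nobody scripted. NTFS is case-insensitive, so compare
    lower-cased."""
    deleted = {p.lower() for p in other_deletions(log_text)}
    wanted = {p.lower() for p in scripted}
    return sorted(wanted - deleted), sorted(deleted - wanted)


if __name__ == "__main__":
    hits = parse_eset_results(ESET_RESULTS)
    paths = [p for p, _ in hits]
    print(build_cfscript(paths))
    missing, extra = verify_deletions(paths, COMBOFIX_LOG)
    print("not confirmed deleted:", missing)
    print("deleted but not scripted:", extra)
```

    Paste the real ESET export and ComboFix log into the two strings (or read them from files) and run it on any machine. A path in `missing` means ComboFix never reported deleting it and deserves a second look in the next scan; `extra` shows what ComboFix removed on its own, such as an Autorun.inf on a removable drive.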
    #14 amyhannay (Topic Starter, Members, 19 posts)

    Posted 27 July 2013 - 08:54 AM

    Here you go!  Happy reading. :blink:

     

     

    ComboFix 13-07-25.02 - Amy 07/26/2013  21:26:16.3.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1888 [GMT -5:00]
    Running from: c:\users\Amy\Desktop\ComboFix.exe
    Command switches used :: c:\users\Amy\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\QuickMediaConverter\ApnIC.dll"
    "c:\program files\QuickMediaConverter\ApnToolbarInstaller.exe"
    "c:\users\Amy\Downloads\ADLSoft_UnCompressor_v2_3.exe"
    "c:\users\Amy\Downloads\cbsidlm-cbsi4_1_3-PhotoScape-10703122.exe"
    "c:\users\Amy\Downloads\cnet_ExcelCalendar_zip.exe"
    "c:\users\Amy\Downloads\cnet2_Install-Hd-4-5-0-2_zip.exe"
    "c:\users\Amy\Downloads\DoubleClick-Ad-Planner_Allmyapps.exe"
    "c:\users\Amy\Downloads\iLividSetupV1.exe"
    "c:\users\Amy\Downloads\Install-Hd-4-5-0-2.zip"
    "c:\users\Amy\Downloads\PFPortChecker.exe"
    "c:\users\Amy\Downloads\Portforward-Setup-Static-IP-Address.exe"
    "c:\users\Amy\Downloads\setup.exe"
    "c:\users\Amy\Downloads\U_0113_01_P.msi"
    "c:\windows\Installer\aab75f6.msi"
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\QuickMediaConverter\ApnIC.dll
    c:\program files\QuickMediaConverter\ApnToolbarInstaller.exe
    c:\users\Amy\Downloads\ADLSoft_UnCompressor_v2_3.exe
    c:\users\Amy\Downloads\cbsidlm-cbsi4_1_3-PhotoScape-10703122.exe
    c:\users\Amy\Downloads\cnet_ExcelCalendar_zip.exe
    c:\users\Amy\Downloads\cnet2_Install-Hd-4-5-0-2_zip.exe
    c:\users\Amy\Downloads\DoubleClick-Ad-Planner_Allmyapps.exe
    c:\users\Amy\Downloads\iLividSetupV1.exe
    c:\users\Amy\Downloads\Install-Hd-4-5-0-2.zip
    c:\users\Amy\Downloads\PFPortChecker.exe
    c:\users\Amy\Downloads\Portforward-Setup-Static-IP-Address.exe
    c:\users\Amy\Downloads\setup.exe
    c:\users\Amy\Downloads\U_0113_01_P.msi
    c:\windows\Installer\aab75f6.msi
    G:\Autorun.inf
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-06-27 to 2013-07-27  )))))))))))))))))))))))))))))))
    .
    .
    2013-07-27 02:33 . 2013-07-27 02:33    --------    d-----w-    c:\users\Public\AppData\Local\temp
    2013-07-27 02:33 . 2013-07-27 02:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-07-26 18:30 . 2013-07-26 18:30    --------    d-----w-    c:\program files (x86)\ESET
    2013-07-26 18:18 . 2013-07-26 18:18    --------    d-----w-    c:\program files (x86)\Common Files\Java
    2013-07-26 18:18 . 2013-07-26 18:18    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-26 17:22 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABC1EC11-C15B-4550-B551-29F973F45238}\mpengine.dll
    2013-07-26 08:11 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-07-26 08:06 . 2013-07-26 08:09    --------    d-----w-    c:\windows\system32\MRT
    2013-07-17 12:19 . 2013-07-17 12:19    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD420D0A-D747-48F3-A083-6FCDB98AE5BB}\gapaengine.dll
    2013-07-11 04:33 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
    2013-07-10 14:26 . 2013-07-10 14:26    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-26 18:18 . 2012-09-28 21:11    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
    2013-07-26 18:18 . 2011-07-11 15:08    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
    2013-07-22 16:23 . 2012-05-29 12:21    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-07-22 16:23 . 2011-07-08 14:57    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-24 05:57 . 2011-07-08 19:14    78277128    ----a-w-    c:\windows\system32\MRT.exe
    2013-06-23 13:58 . 2011-08-11 17:11    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-06-12 19:12 . 2013-06-12 19:12    9089416    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-06-07 08:03 . 2013-06-07 08:03    226304    ----a-w-    c:\windows\system32\elshyph.dll
    2013-06-07 08:03 . 2013-06-07 08:03    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
    2013-06-07 08:03 . 2013-06-07 08:03    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
    2013-06-07 08:03 . 2013-06-07 08:03    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
    2013-06-07 08:03 . 2013-06-07 08:03    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
    2013-06-07 08:03 . 2013-06-07 08:03    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
    2013-06-07 08:03 . 2013-06-07 08:03    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
    2013-06-07 08:03 . 2013-06-07 08:03    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
    2013-06-07 08:03 . 2013-06-07 08:03    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
    2013-06-07 08:03 . 2013-06-07 08:03    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
    2013-06-07 08:03 . 2013-06-07 08:03    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
    2013-06-07 08:03 . 2013-06-07 08:03    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-06-07 08:03 . 2013-06-07 08:03    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
    2013-06-07 08:03 . 2013-06-07 08:03    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
    2013-06-07 08:03 . 2013-06-07 08:03    361984    ----a-w-    c:\windows\SysWow64\html.iec
    2013-06-07 08:03 . 2013-06-07 08:03    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
    2013-06-07 08:03 . 2013-06-07 08:03    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
    2013-06-07 08:03 . 2013-06-07 08:03    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
    2013-06-07 08:03 . 2013-06-07 08:03    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
    2013-06-07 08:03 . 2013-06-07 08:03    81408    ----a-w-    c:\windows\system32\icardie.dll
    2013-06-07 08:03 . 2013-06-07 08:03    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
    2013-06-07 08:03 . 2013-06-07 08:03    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
    2013-06-07 08:03 . 2013-06-07 08:03    441856    ----a-w-    c:\windows\system32\html.iec
    2013-06-07 08:03 . 2013-06-07 08:03    281600    ----a-w-    c:\windows\system32\dxtrans.dll
    2013-06-07 08:03 . 2013-06-07 08:03    27648    ----a-w-    c:\windows\system32\licmgr10.dll
    2013-06-07 08:03 . 2013-06-07 08:03    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
    2013-06-07 08:03 . 2013-06-07 08:03    247296    ----a-w-    c:\windows\system32\webcheck.dll
    2013-06-07 08:03 . 2013-06-07 08:03    235008    ----a-w-    c:\windows\system32\url.dll
    2013-06-07 08:03 . 2013-06-07 08:03    216064    ----a-w-    c:\windows\system32\msls31.dll
    2013-06-07 08:03 . 2013-06-07 08:03    197120    ----a-w-    c:\windows\system32\msrating.dll
    2013-06-07 08:03 . 2013-06-07 08:03    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
    2013-06-07 08:03 . 2013-06-07 08:03    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
    2013-06-07 08:03 . 2013-06-07 08:03    97280    ----a-w-    c:\windows\system32\mshtmled.dll
    2013-06-07 08:03 . 2013-06-07 08:03    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2013-06-07 08:03 . 2013-06-07 08:03    62976    ----a-w-    c:\windows\system32\pngfilt.dll
    2013-06-07 08:03 . 2013-06-07 08:03    599552    ----a-w-    c:\windows\system32\vbscript.dll
    2013-06-07 08:03 . 2013-06-07 08:03    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
    2013-06-07 08:03 . 2013-06-07 08:03    51200    ----a-w-    c:\windows\system32\imgutil.dll
    2013-06-07 08:03 . 2013-06-07 08:03    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
    2013-06-07 08:03 . 2013-06-07 08:03    167424    ----a-w-    c:\windows\system32\iexpress.exe
    2013-06-07 08:03 . 2013-06-07 08:03    149504    ----a-w-    c:\windows\system32\occache.dll
    2013-06-07 08:03 . 2013-06-07 08:03    144896    ----a-w-    c:\windows\system32\wextract.exe
    2013-06-07 08:03 . 2013-06-07 08:03    13824    ----a-w-    c:\windows\system32\mshta.exe
    2013-06-07 08:03 . 2013-06-07 08:03    136192    ----a-w-    c:\windows\system32\iepeers.dll
    2013-06-07 08:03 . 2013-06-07 08:03    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
    2013-06-07 08:03 . 2013-06-07 08:03    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
    2013-06-07 08:03 . 2013-06-07 08:03    102912    ----a-w-    c:\windows\system32\inseng.dll
    2013-06-07 08:03 . 2013-06-07 08:03    77312    ----a-w-    c:\windows\system32\tdc.ocx
    2013-06-07 08:03 . 2013-06-07 08:03    48640    ----a-w-    c:\windows\system32\mshtmler.dll
    2013-05-23 14:32 . 2012-07-28 03:42    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-13 05:51 . 2013-06-12 12:09    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
    2013-05-13 05:51 . 2013-06-12 12:09    1464320    ----a-w-    c:\windows\system32\crypt32.dll
    2013-05-13 05:51 . 2013-06-12 12:09    139776    ----a-w-    c:\windows\system32\cryptnet.dll
    2013-05-13 05:50 . 2013-06-12 12:09    52224    ----a-w-    c:\windows\system32\certenc.dll
    2013-05-13 04:45 . 2013-06-12 12:09    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
    2013-05-13 04:45 . 2013-06-12 12:09    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45 . 2013-06-12 12:09    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
    2013-05-13 03:43 . 2013-06-12 12:09    1192448    ----a-w-    c:\windows\system32\certutil.exe
    2013-05-13 03:08 . 2013-06-12 12:09    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
    2013-05-13 03:08 . 2013-06-12 12:09    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
    2013-05-10 05:49 . 2013-06-12 12:09    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
    2013-05-10 03:20 . 2013-06-12 12:09    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39 . 2013-06-12 12:09    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
    2013-05-01 08:59 . 2013-05-01 08:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 08:59 . 2013-05-01 08:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    130736    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mattel HWRC Launcher"="c:\users\Amy\AppData\Local\sswat_hwrc_win_live\mattelhwrc_launcher.exe" [2011-08-18 201976]
    "BIBLauncher"="c:\program files (x86)\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
    "Akamai NetSession Interface"="c:\users\Amy\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
    "CAHeadless"="c:\program files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-15 835224]
    "PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe" [2011-09-15 1954456]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
    "RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-07-08 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
    "mxomssmenu"="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-07-05 295304]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
    .
    c:\users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Amy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-21 548528]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2008-3-19 6333954]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
    R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys;c:\windows\SYSNATIVE\drivers\ahcix64s.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys;c:\windows\SYSNATIVE\DRIVERS\Spyder3.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
    Akamai    REG_MULTI_SZ       Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 16:23]
    .
    2013-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715373166-2212892305-1478463620-1001Core.job
    - c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 15:11]
    .
    2013-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715373166-2212892305-1478463620-1001UA.job
    - c:\users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 15:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36    164016    ----a-w-    c:\users\Amy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\x3r8zyb1.default\
    FF - ExtSQL: 2013-07-15 12:20; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c:\users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\x3r8zyb1.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-07-26  21:35:35
    ComboFix-quarantined-files.txt  2013-07-27 02:35
    ComboFix2.txt  2013-07-25 18:10
    .
    Pre-Run: 818,235,265,024 bytes free
    Post-Run: 818,214,895,616 bytes free
    .
    - - End Of File - - 924304583BB3BD2112EF967418155C17
    4976D4A7A40B83FC7F06EE4BDD84EB9B
     



    #15 jeffce

    Bleepin' Super Saiyan

    • Malware Response Team
    • 3,442 posts
    • Gender:Male
    • Location:USA
    • Local time:07:53 AM

    Posted 27 July 2013 - 09:41 AM

    and let me know what remaining malware problems you are having.

    :guitar:






