Repeated alerts of "JS-Includer trojan" by AV during web-browsing


  • This topic is locked
15 replies to this topic

#1 pandabird


  • Members
  • 169 posts
  • Gender:Male

Posted 13 August 2013 - 03:40 PM

As I have mentioned, I am getting repeated alerts of the "JS-Includer-AHH trojan" by my AV during web-browsing. This just started over the last day; so far I have gotten at least 25 alerts of "blocks" for this by my AV. It seems like I have an infection that is being triggered by something.

 

In addition, my AV found the HTML:FBJack-A trojan while visiting a site; this was blocked by my AV program.

 

Other malware that has been found recently includes: [These infections all occurred since 5-12-2013, most in May before I did a major computer malware cleaning]

Win32:Malware.gen

Win32:HiddenStart [PUP]

java: Malware-gen [Trj]

java: CVE-2012-1723-AMO

Win32:PSWtool-AP [PUP]

 

I can attach my Virus Chest Log of recent detections and my recent AV Alert log if requested.

 

I have run my AV on full, run Malwarebytes, and run Super-Anti-Spyware, yet I still get the alerts from the infection. Nothing was detected by those programs. This seems like a VERY NASTY and persistent infection for which I will need to use some special approaches, perhaps modifying registry keys, etc. I would appreciate help with removing this as soon as possible.

 

I must note that I just did a thorough malware cleaning of my computer a month ago, yet nothing was detected then. I am very cautious and security conscious with my computer/internet use. It is possible that a setting got changed or there was another trigger that allowed an "existing infection" to become active. You may see the thread for what was done then on this site.

 

I am posting the DDS logs below. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by OWNER at 15:57:49 on 2013-08-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.2422 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\mmc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\PROGRA~2\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Comcast
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENDN~1.LNK - C:\Windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_60ADE4ADDDB9C7178BB901.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWindow Title = Windows Internet Explorer provided by Comcast
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\OWNER\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\OWNER\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-15 17:56; isreaditlater@ideashower.com; C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\isreaditlater@ideashower.com
FF - ExtSQL: 2013-07-29 02:40; FFPDFArchitectConverter@pdfarchitect.com; C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2013-08-01 10:23; jid1-F9UJ2thwoAm5gQ@jetpack; C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF - ExtSQL: 2013-08-01 10:56; troubleshooter@mozilla.org; C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\troubleshooter@mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-8-31 22600]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-2 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-2 189936]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-31 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-2 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-2 378944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-2 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-2 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-12 46808]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-31 13336]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-26 701512]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-4-8 1320496]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-4-8 799280]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-19 1688384]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-3-31 406056]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2011-12-1 222232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-6 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\System32\drivers\stdriver64.sys [2011-12-1 103512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DNSCrypt;OpenDNSCrypt;C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [2012-8-3 14336]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2010-4-14 45736]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2011-3-2 224256]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-31 158976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-27 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-27 57856]
S3 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
S4 DbgSvc;Debug Diagnostic Service;C:\Program Files\DebugDiag\DbgSvc.exe [2011-7-12 451848]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: Applications\Picasa3.exe="C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-13 14:40:52    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6B65EC6-4FCE-4F8C-BBAD-2388C2B5D18D}\offreg.dll
2013-08-13 12:29:36    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6B65EC6-4FCE-4F8C-BBAD-2388C2B5D18D}\mpengine.dll
2013-07-30 23:31:15    --------    d-----w-    C:\Users\OWNER\AppData\Roaming\FamilyTreeMaker
2013-07-30 22:43:31    --------    d-----w-    C:\Users\OWNER\AppData\Local\Ancestry.com
2013-07-30 22:42:11    --------    d-----w-    C:\Program Files (x86)\Family Tree Maker 2012
2013-07-30 22:41:57    --------    d-----w-    C:\IExp1.tmp
2013-07-30 22:41:53    --------    d-----w-    C:\Windows\RegisteredPackages
2013-07-30 22:41:53    --------    d-----w-    C:\IExp0.tmp
2013-07-30 22:41:52    --------    d--h--w-    C:\Windows\msdownld.tmp
2013-07-30 22:41:51    --------    d-----w-    C:\Program Files (x86)\Windows Media Components
2013-07-30 22:37:43    --------    d--h--w-    C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
2013-07-29 06:55:54    --------    d-----w-    C:\Program Files (x86)\PDF Architect
2013-07-29 06:53:30    --------    d-----w-    C:\Users\OWNER\AppData\Roaming\PDF Software
2013-07-29 06:53:30    --------    d-----w-    C:\Program Files (x86)\Common Files\PDF Architect
2013-07-29 06:42:33    --------    d-----w-    C:\Users\OWNER\AppData\Roaming\PDF Architect
2013-07-29 06:40:28    137000    ----a-w-    C:\Windows\SysWow64\MSMAPI32.OCX
2013-07-29 06:40:27    23552    ----a-w-    C:\Windows\SysWow64\MSMPIDE.DLL
2013-07-29 06:40:27    --------    d-----w-    C:\Program Files (x86)\PDFCreator
2013-07-17 17:49:37    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-07-16 21:25:02    --------    d-s---w-    C:\ComboFix
.
==================== Find3M  ====================
.
2013-07-28 03:27:15    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-28 03:27:13    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-07 02:59:59    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-07-07 02:59:59    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 15:36:55    260    ----a-w-    C:\Windows\SysWow64\cmdVBS.vbs
2013-06-07 15:36:55    256    ----a-w-    C:\Windows\SysWow64\MSIevent.bat
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 13:15:02    103448    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
2013-06-04 13:15:00    203672    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-25 18:23:09    74703    ----a-w-    C:\Windows\SysWow64\mfc45.dat
2011-01-18 08:53:32    2994688    ----a-w-    C:\Program Files (x86)\openofficeorg33.msi
.
============= FINISH: 15:58:40.15 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/5/2011 10:15:37 PM
System Uptime: 8/13/2013 2:33:43 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0Y2MRG
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 721.637 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP404: 7/23/2013 2:57:43 PM - Windows Update
RP405: 7/23/2013 11:54:38 PM - Installed Adobe Shockwave Player 12.0.
RP406: 7/23/2013 11:55:58 PM - Installed Adobe Flash Player 11 Plugin.
RP407: 7/27/2013 11:26:38 PM - Installed Adobe Flash Player 11 ActiveX.
RP408: 7/29/2013 2:54:01 AM - Removed PDF Architect
RP409: 7/29/2013 2:54:58 AM - Installed PDF Architect
RP410: 7/30/2013 1:37:13 PM - Windows Update
RP411: 7/30/2013 2:17:28 PM - Pre FTM 2013 install
RP412: 7/31/2013 2:50:28 AM - Windows Update
RP413: 7/31/2013 3:41:26 PM - Windows Update
RP414: 8/6/2013 3:48:09 PM - Windows Update
RP415: 8/9/2013 4:03:06 PM - Windows Update
RP416: 8/10/2013 12:15:24 AM - Revo Uninstaller's restore point - Adobe Shockwave Player 12.0
RP417: 8/10/2013 12:17:37 AM - Revo Uninstaller's restore point - Adobe Shockwave Player 12.0
RP418: 8/10/2013 12:22:36 AM - Revo Uninstaller's restore point - PDF24 Creator 3.3.0
RP419: 8/10/2013 12:23:16 AM - Revo Uninstaller's restore point - PDF24 Creator 3.3.0
RP420: 8/13/2013 8:29:09 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Amazon Kindle
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Audacity 1.3.14 (Unicode)
Auslogics Disk Defrag
Auslogics Duplicate File Finder
avast! Ad Blocker
avast! Free Antivirus
Belarc Advisor 8.2
Best Buy pc app
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bonjour
CameraHelperMsi
Carbonite
CCleaner
Cisco WebEx Meetings
D3DX10
Debug Diagnostics 1.2
Debut Video Capture Software
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
DirectX 9 Runtime
DjVuLibre+DjView
DNSCrypt
DW WLAN Card
erLT
ESET Online Scanner v3
Express Burn Disc Burning Software
Family Tree Maker 2009
Family Tree Maker 2012
FFmpeg v0.6.2 for Audacity
FileZilla Client 3.5.3
Garmin POI Loader
Garmin USB Drivers
Google Chrome
Google Earth
Google Update Helper
GoToAssist Corporate
GoToMeeting 5.1.0.880
Gpg4win (2.1.0)
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
HitmanPro 3.7
hp officejet 7100 series
HP Photo Printing Software
HP Product Detection
HP Share-to-Web
Hulu Desktop
IHA_MessageCenter
ImgBurn
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
IrfanView (remove only)
IsoBuster 2.8.5
Java Auto Updater
Junk Mail filter update
KeePass Password Safe 1.19b
KeyScrambler
LAME v3.99.3 (for Windows)
Lexmark Printable Web
Lexmark S300-S400 Series
Lexmark Toolbar
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WorldWide Telescope
Microsoft WSE 3.0
MixPad Audio Mixer
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.8 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Multimedia Card Reader
My Dell
NirSoft BlueScreenView
OpenDNS Updater 2.2.1
Paint.NET v3.5.10
PDF Architect
PDFCreator
pdfforge PDFArchitect 0.5.1.437
PhotoPad Image Editor
PhotoShowExpress
Picasa 3
Pixillion Image Converter
Prism Video File Converter
QuickTime
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller 1.94
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Sanyo Katana DLX USB - Handset Manager V9.5
Secunia PSI (2.0.0.3003)
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SES Driver
Skype Click to Call
Skype™ 6.7
Sonic CinePlayer Decoder Pack
Speccy
Spotflux
SUPERAntiSpyware
swMSM
System Requirements Lab for Intel
THX TruStudio PC
TransferBigFiles Desktop Client
Tweaking.com - Registry Backup
Tweaking.com - Windows Repair (All in One)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VideoPad Video Editor
Vz In Home Agent
WavePad Sound Editor
WinDirStat 1.1.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinPcap 4.1.1
.
==== Event Viewer Messages From Past Week ========
.
8/13/2013 8:33:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
8/13/2013 8:25:04 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
8/13/2013 8:24:34 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/13/2013 8:24:33 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
8/13/2013 2:58:17 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:  An instance of the service is already running.
8/13/2013 2:57:17 PM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/13/2013 2:40:19 PM, Error: Service Control Manager [7023]  - The HP Network Devices Support service terminated with the following error:  The specified module could not be found.
8/13/2013 2:38:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/13/2013 2:36:49 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
8/13/2013 2:36:49 PM, Error: Service Control Manager [7000]  - The lxeaCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/13/2013 2:21:55 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
8/13/2013 2:21:55 PM, Error: Service Control Manager [7000]  - The Pml Driver HPZ12 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,538 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:14 AM

Posted 17 August 2013 - 08:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.

Let me know what problem persists.

#3 pandabird

pandabird
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:14 AM

Posted 20 August 2013 - 07:45 PM

I typed "Adware" into my search bar, then Windows Defender started scanning. I didn't think that Windows Defender was activated on my machine, but somehow it must be running without my knowledge. (An icon on the taskbar/desktop or other notice of this program would be nice.) I've never noticed this over the 2 yrs I've had my computer, despite going to help forums in the past too.

 

I know that only one AV program should be on the system, and I have Avast. How do I disable Windows Defender?



#4 pandabird

pandabird
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:14 AM

Posted 20 August 2013 - 11:55 PM

I downloaded the above programs and ran them. My AV was disabled prior to running the JRT and ComboFix.
The logs are pasted below. I did have an error message that popped up when JRT ran, yet it continued to run. See attached screen shot.
 
# AdwCleaner v3.000 - Report created 20/08/2013 at 21:18:26
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : OWNER - OWNER-PC
# Running from : C:\Users\OWNER\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OpenDNS Updater]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\prefs.js ]

Line Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.1003347172/friendslist", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":1025526573,\"photo\":\"h[...]
Line Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.1003347172/prefs", "{\"update_show_after\":1353659821366,\"friend_tracker\":{\"friends\":{\"1320067768\":{[...]
Line Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.1003347172/typeahead_new", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":1025526573,\"photo\":\[...]
Line Found : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"7\": {\"id\": \"7\",\"title\": \"Billeo\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozilla.org/firefox/downloads/file[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Found : user_pref("socialfixer.1003347172/friendslist", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":657551512,\"photo\":\"hxxps:\\/\\/fbcdn-profile-a.akamaihd.net\\/hprofile-ak-prn2\\/276216_6575[...]
Line Found : user_pref("socialfixer.1003347172/prefs", "{\"installed_on_5\":1343794404399,\"sfx_donate_check_time2\":1346993222765,\"last_message_check\":1377015155706,\"tip_show_after\":1362513316555,\"update_sho[...]

[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\prefs.js ]


[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\ojzlqqs7.profile052308unknown\prefs.js ]


[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\prefs.js ]


-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\USER 1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4011 octets] - [20/08/2013 21:18:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4071 octets] ##########
 
==================================================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Home Premium x64
Ran by OWNER on Tue 08/20/2013 at 21:26:32.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\OWNER\AppData\Roaming\mozilla\firefox\profiles\6xcqg4yz.profile052308\prefs.js

user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"7\": {\"id\": \"7\",\"title\": \"Billeo\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozilla.o
user_pref("socialfixer.1003347172/cached_content/donate_pagelet", "{\"expires_on\":1347679559823,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #cccc99
user_pref("socialfixer.1003347172/cached_content/tips_pagelet", "{\"expires_on\":1363668551168,\"content\":[{\"id\":101,\"content\":\"<div style=\\\"border:2px solid #cccc99;p
Emptied folder: C:\Users\OWNER\AppData\Roaming\mozilla\firefox\profiles\6xcqg4yz.profile052308\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/20/2013 at 21:30:45.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
==============================
ComboFix 13-08-20.01 - OWNER 08/21/2013   0:15.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.4066 [GMT -4:00]
Running from: c:\users\OWNER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll
c:\programdata\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll
c:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll
c:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll
c:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-21 to 2013-08-21  )))))))))))))))))))))))))))))))
.
.
2013-08-21 04:21 . 2013-08-21 04:21    --------    d-----w-    c:\users\USER 1\AppData\Local\temp
2013-08-21 04:21 . 2013-08-21 04:21    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-08-21 04:21 . 2013-08-21 04:21    --------    d-----w-    c:\users\LocalService\AppData\Local\temp
2013-08-21 04:21 . 2013-08-21 04:21    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-21 04:21 . 2013-08-21 04:21    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-08-21 01:18 . 2013-08-21 01:18    --------    d-----w-    C:\AdwCleaner
2013-08-21 00:39 . 2013-08-21 00:39    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A730FD9A-11C2-418E-B60B-9BCBD1816F35}\offreg.dll
2013-08-20 20:05 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A730FD9A-11C2-418E-B60B-9BCBD1816F35}\mpengine.dll
2013-08-17 07:41 . 2013-08-17 07:41    --------    d-----w-    c:\users\OWNER\AppData\Roaming\QuickScan
2013-08-16 04:35 . 2013-08-16 04:35    --------    d-----w-    c:\program files (x86)\FileZilla FTP Client
2013-08-15 08:20 . 2013-08-15 08:20    --------    d-----w-    C:\Quarantine
2013-08-15 07:08 . 2013-08-15 07:12    --------    d-----w-    c:\windows\system32\MRT
2013-08-15 05:14 . 2013-08-15 05:14    --------    d-----w-    c:\users\OWNER\AppData\Roaming\TrojanHunter
2013-08-15 02:43 . 2013-08-15 02:43    --------    d-----w-    c:\programdata\TrojanHunter
2013-08-15 02:43 . 2013-08-19 05:57    --------    d-----w-    c:\program files (x86)\TrojanHunter 5.5
2013-08-14 16:23 . 2013-07-09 06:03    5550528    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-14 16:23 . 2013-07-09 05:54    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-14 16:23 . 2013-07-09 05:53    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-14 16:23 . 2013-07-09 04:53    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-14 16:23 . 2013-07-09 04:52    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-14 16:23 . 2013-07-09 02:49    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-14 16:23 . 2013-07-09 02:49    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-14 16:23 . 2013-07-09 02:49    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-14 16:23 . 2013-07-09 02:49    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-14 16:23 . 2013-07-06 06:03    1910208    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-14 16:23 . 2013-06-15 04:32    39936    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 08:15 . 2013-08-14 08:15    --------    d-----w-    c:\programdata\Sophos
2013-08-14 08:14 . 2013-08-14 08:14    73728    ----a-r-    c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-14 08:14 . 2013-08-14 08:14    73728    ----a-r-    c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-14 08:14 . 2013-08-14 08:14    73728    ----a-r-    c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-08-14 08:14 . 2013-08-14 08:14    --------    d-----w-    c:\program files (x86)\Sophos
2013-08-14 06:08 . 2013-08-14 06:08    --------    d-----w-    C:\EEK
2013-08-14 02:10 . 2013-08-14 02:10    --------    d-----w-    c:\programdata\IObit
2013-08-14 02:10 . 2013-08-14 02:10    --------    d-----w-    c:\program files (x86)\IObit
2013-08-13 22:07 . 2013-08-13 22:07    --------    d-----w-    c:\users\OWNER\AppData\Roaming\Simply Super Software
2013-08-13 22:07 . 2013-08-13 22:27    --------    d-----w-    c:\program files (x86)\Trojan Remover
2013-08-07 01:02 . 2013-08-07 14:45    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2013-07-30 23:31 . 2013-07-30 23:31    --------    d-----w-    c:\users\OWNER\AppData\Roaming\FamilyTreeMaker
2013-07-30 22:43 . 2013-07-30 22:43    --------    d-----w-    c:\users\OWNER\AppData\Local\Ancestry.com
2013-07-30 22:42 . 2013-07-31 16:20    --------    d-----w-    c:\program files (x86)\Family Tree Maker 2012
2013-07-30 22:41 . 2013-07-30 22:46    --------    d--h--w-    c:\windows\msdownld.tmp
2013-07-30 22:41 . 2013-07-30 22:41    --------    d-----w-    c:\program files (x86)\Windows Media Components
2013-07-30 22:37 . 2013-08-10 03:50    --------    d--h--w-    c:\programdata\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
2013-07-29 06:55 . 2013-07-29 06:55    --------    d-----w-    c:\program files (x86)\PDF Architect
2013-07-29 06:53 . 2013-07-29 07:02    --------    d-----w-    c:\program files (x86)\Common Files\PDF Architect
2013-07-29 06:53 . 2013-07-29 06:53    --------    d-----w-    c:\users\OWNER\AppData\Roaming\PDF Software
2013-07-29 06:42 . 2013-07-29 06:42    --------    d-----w-    c:\users\OWNER\AppData\Roaming\PDF Architect
2013-07-29 06:40 . 2012-05-05 15:54    137000    ----a-w-    c:\windows\SysWow64\MSMAPI32.OCX
2013-07-29 06:40 . 2013-08-13 05:56    --------    d-----w-    c:\program files (x86)\PDFCreator
2013-07-29 06:40 . 2012-05-05 15:54    23552    ----a-w-    c:\windows\SysWow64\MSMPIDE.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 07:08 . 2011-06-06 03:42    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-07-28 03:27 . 2012-03-31 02:34    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-28 03:27 . 2011-06-06 08:39    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-07-09 04:45    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-07-09 04:45 . 2013-07-09 04:45    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-07-09 04:45 . 2013-07-09 04:45    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-07-09 04:45 . 2013-07-09 04:45    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-07-09 04:45 . 2013-07-09 04:45    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-07-09 04:45 . 2013-07-09 04:45    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-07-09 04:45 . 2013-07-09 04:45    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-09 04:45 . 2013-07-09 04:45    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-07-09 04:45 . 2013-07-09 04:45    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-07-09 04:45 . 2013-07-09 04:45    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-07-09 04:45 . 2013-07-09 04:45    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-09 04:45 . 2013-07-09 04:45    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-07-09 04:45 . 2013-07-09 04:45    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-07-09 04:45 . 2013-07-09 04:45    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-07-09 04:45 . 2013-07-09 04:45    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-07-09 04:45 . 2013-07-09 04:45    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-07-09 04:45 . 2013-07-09 04:45    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-07-09 04:45 . 2013-07-09 04:45    441856    ----a-w-    c:\windows\system32\html.iec
2013-07-09 04:45 . 2013-07-09 04:45    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-07-09 04:45 . 2013-07-09 04:45    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-07-09 04:45 . 2013-07-09 04:45    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-07-09 04:45 . 2013-07-09 04:45    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-07-09 04:45 . 2013-07-09 04:45    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-07-09 04:45 . 2013-07-09 04:45    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-07-09 04:45 . 2013-07-09 04:45    235008    ----a-w-    c:\windows\system32\url.dll
2013-07-09 04:45 . 2013-07-09 04:45    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-07-09 04:45 . 2013-07-09 04:45    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-07-09 04:45 . 2013-07-09 04:45    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-07-09 04:45 . 2013-07-09 04:45    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-07-09 04:45 . 2013-07-09 04:45    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-07-09 04:45 . 2013-07-09 04:45    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-09 04:45 . 2013-07-09 04:45    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-07-09 04:45 . 2013-07-09 04:45    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-07-09 04:45 . 2013-07-09 04:45    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-09 04:45 . 2013-07-09 04:45    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-07-09 04:45 . 2013-07-09 04:45    149504    ----a-w-    c:\windows\system32\occache.dll
2013-07-09 04:45 . 2013-07-09 04:45    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-07-09 04:45 . 2013-07-09 04:45    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-07-09 04:45 . 2013-07-09 04:45    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-07-09 04:45 . 2013-07-09 04:45    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-07-09 04:45 . 2013-07-09 04:45    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-07-09 04:45 . 2013-07-09 04:45    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-07-09 04:45 . 2013-07-09 04:45    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-07-09 04:45 . 2013-07-09 04:45    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-07-09 04:45 . 2013-07-09 04:45    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-07-09 04:45 . 2013-07-09 04:45    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-07-09 04:45 . 2013-07-09 04:45    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-07-09 04:45 . 2013-07-09 04:45    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-09 04:45 . 2013-07-09 04:45    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-07-09 04:45 . 2013-08-14 16:23    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-08 16:48 . 2013-07-08 15:43    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2013-07-07 02:59 . 2013-05-02 13:25    378944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-07-07 02:59 . 2013-05-02 13:25    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-07-07 02:59 . 2013-05-02 13:25    1030952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-06-07 15:36 . 2013-06-07 15:36    260    ----a-w-    c:\windows\SysWow64\cmdVBS.vbs
2013-06-07 15:36 . 2013-06-07 15:36    256    ----a-w-    c:\windows\SysWow64\MSIevent.bat
2013-06-05 03:34 . 2013-07-10 16:24    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 13:15 . 2013-06-04 13:15    103448    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2013-06-04 13:15 . 2013-06-04 13:15    203672    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2013-06-04 06:00 . 2013-07-10 16:24    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 16:24    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-05-25 18:23 . 2012-07-27 05:18    74703    ----a-w-    c:\windows\SysWow64\mfc45.dat
2013-05-25 04:45 . 2010-07-09 14:22    388096    ----a-r-    c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-18 08:53 . 2011-01-18 08:53    2994688    ----a-w-    c:\program files (x86)\openofficeorg33.msi
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-06-13 13:37    1020936    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-06-13 13:37    1020936    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-06-13 13:37    1020936    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-06-13 1066504]
.
c:\users\USER 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OpenDNSCrypt.lnk - c:\windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_60ADE4ADDDB9C7178BB901.exe [2013-6-7 4710]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0Secunia PSI Tray\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"UpdReg"=c:\windows\UpdReg.EXE
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxeaserv.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R3 DNSCrypt;OpenDNSCrypt;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe;c:\program files\DebugDiag\DbgSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe;c:\windows\SYSNATIVE\lxeacoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 19:03    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 03:27]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-09 01:58]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-09 01:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-06-13 13:26    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-06-13 13:26    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-06-13 13:26    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2013-01-23 772712]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2013-01-23 150264]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: verizon.net\activate
Trusted Zone: verizon.net\activatemydsl
Trusted Zone: verizon.net\activatemyfios
Trusted Zone: verizon.net\activatemyhsi
Trusted Zone: verizon.net\activatemywifi
Trusted Zone: verizon.net\wbadownload
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A}: NameServer = 127.0.0.1
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - ExtSQL: 2013-07-15 17:56; isreaditlater@ideashower.com; c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\isreaditlater@ideashower.com
FF - ExtSQL: 2013-07-29 02:40; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2013-08-01 10:23; jid1-F9UJ2thwoAm5gQ@jetpack; c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF - ExtSQL: 2013-08-01 10:56; troubleshooter@mozilla.org; c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\troubleshooter@mozilla.org.xpi
FF - ExtSQL: 2013-08-15 21:52; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2013-08-21  00:31:31 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-21 04:31
.
Pre-Run: 773,950,431,232 bytes free
Post-Run: 774,715,531,264 bytes free
.
- - End Of File - - 0799697A99E1C1E640ED48D8B9D926D7


Edited by pandabird, 20 August 2013 - 11:59 PM.


#5 pandabird

pandabird
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:14 AM

Posted 21 August 2013 - 12:12 AM

My Avast AV Webshield initially set off MANY alerts blocking something (see attached AV log). I then did numerous scans on my computer to try to find any malware; some was found by AVAST runs as noted by entries of named malware in Virus Chest (see attached). Those without names there were placed there by me manually after detections from other scans.

 

Among the scans done were Malwarebytes, Super-Anti-Spyware, rkill, RogueKiller, {[DDS, OTL] - No action was taken besides just doing a scan}, Emsisoft Emergency Kit (EEK), ESET, and TrojanHunter 30-day trial. The TrojanHunter found a number of files that had malware (see attached); these files were all confirmed by uploading to VirusTotal where at least 2+ scanners confirmed all. All of these files were manually placed in my Avast virus chest. ESET found the MyCandy? malware but could not remove it.

 

Since I placed a few initial files in my virus chest I have not yet gotten any more "ALERTS". I went on with the TrojanHunter and ESET scans anyway.

 

Please evaluate this new info. I hope that it helps to find the problem. I may want to do other checks to see what is going on or what damage may have been caused.

 

Thanks.

[Attachment: Avast web shield log infections 8-13-2013.png]


Edited by pandabird, 21 August 2013 - 12:39 AM.


#6 pandabird

pandabird
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:14 AM

Posted 21 August 2013 - 12:35 AM

More



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,538 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:14 AM

Posted 21 August 2013 - 09:52 AM

The report for the AdwCleaner scan shows the Scan process.

Did you run the Clean report since?
Post the log please.
===

I would also like to see a fresh log from the RogueKiller tool.
===

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Please let me know what problem persists.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,538 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:14 AM

Posted 27 August 2013 - 09:49 AM

Are you still with me?

#9 pandabird

pandabird
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:14 AM

Posted 27 August 2013 - 03:06 PM

Hi,

Sorry for not getting back to you sooner but I was away late last week and dealing with other priorities.

Posted 21 August 2013 - 10:52 AM

The report for the AdwCleaner scan shows the Scan process.

Did you run the Clean report since?
Post the log please.
===

I would also like to see a fresh log from the RogueKiller tool.

I am a bit confused with the above. Did you want me to re-run the AdwCleaner and then run the "CLEAN routine" as well? If so, should I "uncheck" any items from being cleaned? I use the "OpenDNS" program so this item and possibly others don't seem like they should be deleted unless I should remove/reinstall them anyway. Please make a notation (i.e. " * ", "#", "??", etc.) next to any items that should NOT be cleaned.

1) I have re-run the AdwCleaner (updated version) with a fresh log pasted below.

 

2) I re-ran the updated RogueKiller and then the rkill program to ensure any malware would be removed, to enhance the likelihood that my AV scans would work properly. After running, and without rebooting, I immediately ran the ESET scan. Logs posted below.

 

I must note that the OpenCandy previously found by ESET was in the "recycle bin" at that time, which has since been deleted; thus this infection is no longer an issue.

 

[Note: I did my C: drive (1 TB) and my E: (external drive) separately, but I may not have run the RogueKiller/rkill prior to the C: ESET scan. Logs posted.]

................................

I tried doing the ESET online scan for the E: drive but it took 8+ hours and only got about 15% done. I changed my power setting limits from Display 10 min to NEVER and Hard Drive 3 hrs to NEVER. I'm not sure if this was the problem or not.

 

I will try running my AVAST AV scan too on E: drive or both drives.

Thanks.

=============================================

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OWNER [Admin rights]
Mode : Scan -- Date : 08/27/2013 04:09:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 45edde40c11b9268fbe48e6b0fd794fe
[BSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941286 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08272013_040901.txt >>

====================================

Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/27/2013 04:11:55 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/27/2013 04:12:03 AM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

====================================

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=13833
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-15 10:18:00
# local_time=2013-05-15 06:18:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 94 0 144404952 0 0
# compatibility_mode=5893 16776574 66 85 60286132 120156530 0 0
# scanned=138490
# found=1
# cleaned=0
# scan_time=5288
sh=DAB571D20EE4EA2D8BDD215421A1950F7362EA7E ft=1 fh=d312b3a9e1365a4d vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\OWNER\Desktop\Installation files\duplicate-file-finder-setup.exe"

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=13941
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-29 09:15:57
# local_time=2013-05-29 05:15:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 0 145610829 0 0
# compatibility_mode=5893 16776574 66 85 61492009 121362407 0 0
# scanned=412114
# found=2
# cleaned=2
# scan_time=11327
sh=DAB571D20EE4EA2D8BDD215421A1950F7362EA7E ft=1 fh=d312b3a9e1365a4d vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Restored folder 5-23-2013\duplicate-file-finder-setup.exe"
sh=DAB571D20EE4EA2D8BDD215421A1950F7362EA7E ft=1 fh=d312b3a9e1365a4d vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\OWNER\Desktop\Installation files\duplicate-file-finder-setup.exe"

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14061
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-13 11:57:07
# local_time=2013-06-13 07:57:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1161209 146916499 0 0
# compatibility_mode=5893 16776573 100 94 0 122668077 0 0
# scanned=311386
# found=0
# cleaned=0
# scan_time=8549

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14716
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-10 08:31:44
# local_time=2013-08-10 04:31:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1645558 151915376 0 0
# compatibility_mode=5893 16776573 100 94 0 127666954 0 0
# scanned=149658
# found=1
# cleaned=0
# scan_time=4063
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/OpenCandy application" ac=I fn="C:\Users\OWNER\Desktop\Installation files\PDFCreator-1_7_1_setup.exe"

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14776
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-15 06:37:47
# local_time=2013-08-15 02:37:47 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 2070721 152340539 0 0
# compatibility_mode=5893 16776573 100 94 0 128092117 0 0
# scanned=4038
# found=1
# cleaned=0
# scan_time=119
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/OpenCandy application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1955353798-2932276707-1562356408-1000\$RL9B8LM.exe"

# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14776
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-15 07:11:02
# local_time=2013-08-15 03:11:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 2072716 152342534 0 0
# compatibility_mode=5893 16776573 100 94 0 128094112 0 0
# scanned=3767
# found=1
# cleaned=0
# scan_time=184
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/OpenCandy application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1955353798-2932276707-1562356408-1000\$RL9B8LM.exe"

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14776
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-15 08:18:26
# local_time=2013-08-15 04:18:26 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 0 152346578 0 0
# compatibility_mode=5893 16776573 100 94 0 128098156 0 0
# scanned=37399
# found=1
# cleaned=0
# scan_time=1105
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/OpenCandy application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1955353798-2932276707-1562356408-1000\$RL9B8LM.exe"

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14911
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-27 05:10:20
# local_time=2013-08-27 01:10:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 107997 153372092 0 0
# compatibility_mode=5893 16776573 100 94 0 129123670 0 0
# scanned=46233
# found=0
# cleaned=0

# scan_time=1344
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14911
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-27 05:29:28
# local_time=2013-08-27 01:29:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 109145 153373240 0 0
# compatibility_mode=5893 16776573 100 94 0 129124818 0 0
# scanned=46244
# found=0
# cleaned=0

# scan_time=1061
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14911
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-27 07:39:01
# local_time=2013-08-27 03:39:01 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 116918 153381013 0 0
# compatibility_mode=5893 16776573 100 94 0 129132591 0 0
# scanned=275749
# found=0
# cleaned=0

# scan_time=7545
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14911
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-27 08:04:52
# local_time=2013-08-27 04:04:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 118469 153382564 0 0
# compatibility_mode=5893 16776573 100 94 0 129134142 0 0
# scanned=61
# found=0
# cleaned=0

# scan_time=1237
ESETSmartInstaller@High as downloader log:
all ok
=================

Combofix items in Quarantine  [What are these? Any of concern?]

2013-08-21 04:29:56 . 2013-08-21 04:29:56              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-08-21 04:29:53 . 2013-08-21 04:29:53              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-CleanHlp.sys.reg.dat
2013-08-21 04:29:53 . 2013-08-21 04:29:53              542 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-CleanHlp.reg.dat
2013-08-21 04:19:18 . 2013-08-21 04:19:18            7,024 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-08-21 04:13:56 . 2013-08-21 04:13:56               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-08-15 20:01:22 . 2013-08-09 16:16:13           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll.vir
2013-08-15 20:01:22 . 2013-08-09 16:03:43           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll.vir
2013-08-15 20:01:22 . 2013-08-09 15:29:27           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll.vir
2013-08-15 20:01:22 . 2013-08-08 22:23:18           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll.vir
2013-08-09 00:23:25 . 2013-08-05 15:41:28           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll.vir
=================================
# AdwCleaner v3.001 - Report created 27/08/2013 at 13:16:36
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : OWNER - OWNER-PC
# Running from : C:\Users\OWNER\Desktop\Bleeping-August\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OpenDNS Updater]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\prefs.js ]

Line Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.1003347172/friendslist", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":1025526573,\"photo\":\"h[...]
Line Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.1003347172/prefs", "{\"update_show_after\":1353659821366,\"friend_tracker\":{\"friends\":{\"1320067768\":{[...]
Line Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.1003347172/typeahead_new", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":1025526573,\"photo\":\[...]
Line Found : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"7\": {\"id\": \"7\",\"title\": \"Billeo\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozilla.org/firefox/downloads/file[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Found : user_pref("socialfixer.1003347172/friendslist", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":657551512,\"photo\":\"hxxps:\\/\\/fbcdn-profile-a.akamaihd.net\\/hprofile-ak-prn2\\/276216_6575[...]
Line Found : user_pref("socialfixer.1003347172/prefs", "{\"installed_on_5\":1343794404399,\"sfx_donate_check_time2\":1346993222765,\"last_message_check\":1377574483108,\"tip_show_after\":1362513316555,\"update_sho[...]

[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\prefs.js ]


[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\ojzlqqs7.profile052308unknown\prefs.js ]


[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\prefs.js ]


-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\USER 1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4163 octets] - [20/08/2013 21:18:26]
AdwCleaner[R1].txt - [4239 octets] - [27/08/2013 12:43:36]
AdwCleaner[R2].txt - [4299 octets] - [27/08/2013 12:49:24]
AdwCleaner[R3].txt - [4207 octets] - [27/08/2013 13:16:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [4267 octets] ##########
Also, it seems like I cannot run my computer in SAFE-MODE WITH NETWORKING as I get no internet connection then.  Even if I select that I get SAFE mode instead.

 

How can I post a screenshot for you here?

Edited by pandabird, 27 August 2013 - 09:57 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,538 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:14 AM

Posted 28 August 2013 - 09:17 AM

Combofix items in Quarantine [What are these? Any of concern?]

No, they were quarantined. The folder will be removed when I ask you to uninstall ComboFix.

===

Please make a notation (i.e. " * ", "#", "??", etc.) next to any items that should NOT be cleaned.

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
All related to

Skype Toolbar

===
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Related to Skype add-on for Internet Explorer

Decide if you want to keep it.

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OpenDNS Updater]
You know about this one.
===

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\prefs.js ]

Let AdwCleaner fix this.
===

Also, it seems like I cannot run my computer in SAFE-MODE WITH NETWORKING as I get no internet connection then.

Were you able to use that function before?
===

Could this be the issue?
http://support.microsoft.com/kb/305616
===

A TEMPORARY FIX is available here.
http://www.teach-ict.com/as_as_computing/ocr/H447/F453/3_3_1/modern_pc/miniweb_pc/pg4.htm

Select the BOOT.INI tab.
This will open your boot.ini file
Check /Safeboot and the NETWORK button.

Restart the computer normally.

You should boot to Safe mode and the Internet connectivity should be available.

To boot normally you will have to reverse what you did.
That is uncheck the /safemode and networking button.

p.s.
To attach a picture you must use the Reply to this topic button in red on top of the topic.

#11 pandabird

pandabird
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:14 AM

Posted 29 August 2013 - 09:48 PM

I realized that I did not have my E: External drive connected when I ran ComboFix so I ran it again. I am posting that Log below.

RogueKiller and rkill were run as well.

I re-ran the AdwCleaner unchecking the Skype/OpenDNS entries per your previous reply explaining them. I cleaned the below entry per your instructions. Other entries may have been deleted from other sections dealing with various Firefox addons such as Social Fixer (great add-on to have to make FB easier to use!). This AdwCleaner CLEAN log is posted below.
Quote

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\prefs.js ]

Let AdwCleaner fix this.


This CLEAN routine must have helped my computer as I was then able to run my computer in SAFE-MODE with NETWORKING with no problems after a re-boot.

Quote

Also, it seems like I cannot run my computer in SAFE-MODE WITH NETWORKING as I get no internet connection then.

Were you able to use that function before?
===

Could this be the issue?
http://support.microsoft.com/kb/305616
===

I was able to use the function before and can now use it again. The microsoft link was not the issue; I am not using wireless.


I then ran the ESET online scanner on both the C: (main drive) and E: (external) drives while in SAFE-MODE FOR NETWORKING. It took 8+ hours. Only one infection was found on E: and placed in Quarantine. Log is pasted below.
==========================

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OWNER [Admin rights]
Mode : Scan -- Date : 08/28/2013 00:47:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
--- User ---
[MBR] 45edde40c11b9268fbe48e6b0fd794fe
[BSP] 2dfa851a71cb3d932cd438f3fdc85c0d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12542 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25767936 | Size: 941286 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1001FAES-75W7A0 +++++
--- User ---
[MBR] 239b5737c9ccec8839686058d9a1eff8
[BSP] fcdf32c80a56a79906373c34b09dd153 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953836 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08282013_004737.txt >>

===================================

Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/28/2013 12:55:24 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/28/2013 12:55:32 AM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

============================================

# AdwCleaner v3.001 - Report created 29/08/2013 at 01:29:32
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : OWNER - OWNER-PC
# Running from : C:\Users\OWNER\Desktop\Bleeping-August\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OpenDNS Updater]
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\prefs.js ]

Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.1003347172/friendslist", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":1025526573,\"photo\":\"h[...]
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.1003347172/prefs", "{\"update_show_after\":1353659821366,\"friend_tracker\":{\"friends\":{\"1320067768\":{[...]
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.1003347172/typeahead_new", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":1025526573,\"photo\":\[...]
Line Deleted : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"7\": {\"id\": \"7\",\"title\": \"Billeo\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozilla.org/firefox/downloads/file[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Deleted : user_pref("socialfixer.1003347172/friendslist", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":657551512,\"photo\":\"hxxps:\\/\\/fbcdn-profile-a.akamaihd.net\\/hprofile-ak-prn2\\/276216_6575[...]
Line Deleted : user_pref("socialfixer.1003347172/prefs", "{\"installed_on_5\":1343794404399,\"sfx_donate_check_time2\":1346993222765,\"last_message_check\":1377653067225,\"tip_show_after\":1362513316555,\"update_sho[...]

[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\lxg22szv.default\prefs.js ]


[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\ojzlqqs7.profile052308unknown\prefs.js ]


[ File : C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\twnqgpjp.rkap11272012\prefs.js ]


-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\USER 1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4163 octets] - [20/08/2013 21:18:26]
AdwCleaner[R1].txt - [4239 octets] - [27/08/2013 12:43:36]
AdwCleaner[R2].txt - [4299 octets] - [27/08/2013 12:49:24]
AdwCleaner[R3].txt - [4359 octets] - [27/08/2013 13:16:36]
AdwCleaner[R4].txt - [4419 octets] - [29/08/2013 01:14:46]
AdwCleaner[S0].txt - [4402 octets] - [29/08/2013 01:29:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4462 octets] ##########
=================================

ComboFix 13-08-20.01 - OWNER 08/28/2013   1:28.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.3691 [GMT -4:00]
Running from: c:\users\OWNER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6280\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll
c:\programdata\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll
c:\programdata\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll
c:\programdata\PCDr\6280\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll
c:\programdata\PCDr\6280\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll
c:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll
c:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll
c:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-28  )))))))))))))))))))))))))))))))
.
.
2013-08-28 05:34 . 2013-08-28 05:34    --------    d-----w-    c:\users\USER 1\AppData\Local\temp
2013-08-28 05:34 . 2013-08-28 05:34    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-08-28 05:34 . 2013-08-28 05:34    --------    d-----w-    c:\users\LocalService\AppData\Local\temp
2013-08-28 05:34 . 2013-08-28 05:34    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-28 05:34 . 2013-08-28 05:34    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-08-28 00:31 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{512E8AE3-0700-43A2-9B24-623133FD453C}\mpengine.dll
2013-08-21 01:18 . 2013-08-27 17:17    --------    d-----w-    C:\AdwCleaner
2013-08-17 07:41 . 2013-08-17 07:41    --------    d-----w-    c:\users\OWNER\AppData\Roaming\QuickScan
2013-08-16 04:35 . 2013-08-16 04:35    --------    d-----w-    c:\program files (x86)\FileZilla FTP Client
2013-08-15 08:20 . 2013-08-15 08:20    --------    d-----w-    C:\Quarantine
2013-08-15 07:08 . 2013-08-15 07:12    --------    d-----w-    c:\windows\system32\MRT
2013-08-15 05:14 . 2013-08-15 05:14    --------    d-----w-    c:\users\OWNER\AppData\Roaming\TrojanHunter
2013-08-15 02:43 . 2013-08-15 02:43    --------    d-----w-    c:\programdata\TrojanHunter
2013-08-15 02:43 . 2013-08-27 20:50    --------    d-----w-    c:\program files (x86)\TrojanHunter 5.5
2013-08-14 16:23 . 2013-07-09 06:03    5550528    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-14 16:23 . 2013-07-09 05:54    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-14 16:23 . 2013-07-09 05:53    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-14 16:23 . 2013-07-09 04:53    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-14 16:23 . 2013-07-09 04:52    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-14 16:23 . 2013-07-09 02:49    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-14 16:23 . 2013-07-09 02:49    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-14 16:23 . 2013-07-09 02:49    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-14 16:23 . 2013-07-09 02:49    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-14 16:23 . 2013-07-06 06:03    1910208    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-14 16:23 . 2013-06-15 04:32    39936    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 08:15 . 2013-08-14 08:15    --------    d-----w-    c:\programdata\Sophos
2013-08-14 08:14 . 2013-08-14 08:14    73728    ----a-r-    c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-14 08:14 . 2013-08-14 08:14    73728    ----a-r-    c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-14 08:14 . 2013-08-14 08:14    73728    ----a-r-    c:\users\OWNER\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-08-14 08:14 . 2013-08-14 08:14    --------    d-----w-    c:\program files (x86)\Sophos
2013-08-14 06:08 . 2013-08-14 06:08    --------    d-----w-    C:\EEK
2013-08-14 02:10 . 2013-08-14 02:10    --------    d-----w-    c:\programdata\IObit
2013-08-14 02:10 . 2013-08-14 02:10    --------    d-----w-    c:\program files (x86)\IObit
2013-08-13 22:07 . 2013-08-13 22:07    --------    d-----w-    c:\users\OWNER\AppData\Roaming\Simply Super Software
2013-08-13 22:07 . 2013-08-13 22:27    --------    d-----w-    c:\program files (x86)\Trojan Remover
2013-08-07 01:02 . 2013-08-07 14:45    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2013-07-30 23:31 . 2013-07-30 23:31    --------    d-----w-    c:\users\OWNER\AppData\Roaming\FamilyTreeMaker
2013-07-30 22:43 . 2013-07-30 22:43    --------    d-----w-    c:\users\OWNER\AppData\Local\Ancestry.com
2013-07-30 22:42 . 2013-07-31 16:20    --------    d-----w-    c:\program files (x86)\Family Tree Maker 2012
2013-07-30 22:41 . 2013-07-30 22:46    --------    d--h--w-    c:\windows\msdownld.tmp
2013-07-30 22:41 . 2013-07-30 22:41    --------    d-----w-    c:\program files (x86)\Windows Media Components
2013-07-30 22:37 . 2013-08-10 03:50    --------    d--h--w-    c:\programdata\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
2013-07-29 06:55 . 2013-07-29 06:55    --------    d-----w-    c:\program files (x86)\PDF Architect
2013-07-29 06:53 . 2013-07-29 07:02    --------    d-----w-    c:\program files (x86)\Common Files\PDF Architect
2013-07-29 06:53 . 2013-07-29 06:53    --------    d-----w-    c:\users\OWNER\AppData\Roaming\PDF Software
2013-07-29 06:42 . 2013-07-29 06:42    --------    d-----w-    c:\users\OWNER\AppData\Roaming\PDF Architect
2013-07-29 06:40 . 2012-05-05 15:54    137000    ----a-w-    c:\windows\SysWow64\MSMAPI32.OCX
2013-07-29 06:40 . 2013-08-13 05:56    --------    d-----w-    c:\program files (x86)\PDFCreator
2013-07-29 06:40 . 2012-05-05 15:54    23552    ----a-w-    c:\windows\SysWow64\MSMPIDE.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 07:08 . 2011-06-06 03:42    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-07-28 03:27 . 2012-03-31 02:34    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-28 03:27 . 2011-06-06 08:39    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-09 04:45 . 2013-07-09 04:45    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-07-09 04:45 . 2013-07-09 04:45    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-07-09 04:45 . 2013-07-09 04:45    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-07-09 04:45 . 2013-07-09 04:45    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-07-09 04:45 . 2013-07-09 04:45    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-07-09 04:45 . 2013-07-09 04:45    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-07-09 04:45 . 2013-07-09 04:45    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-09 04:45 . 2013-07-09 04:45    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-07-09 04:45 . 2013-07-09 04:45    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-07-09 04:45 . 2013-07-09 04:45    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-07-09 04:45 . 2013-07-09 04:45    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-09 04:45 . 2013-07-09 04:45    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-07-09 04:45 . 2013-07-09 04:45    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-07-09 04:45 . 2013-07-09 04:45    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-07-09 04:45 . 2013-07-09 04:45    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-07-09 04:45 . 2013-07-09 04:45    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-07-09 04:45 . 2013-07-09 04:45    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-07-09 04:45 . 2013-07-09 04:45    441856    ----a-w-    c:\windows\system32\html.iec
2013-07-09 04:45 . 2013-07-09 04:45    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-07-09 04:45 . 2013-07-09 04:45    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-07-09 04:45 . 2013-07-09 04:45    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-07-09 04:45 . 2013-07-09 04:45    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-07-09 04:45 . 2013-07-09 04:45    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-07-09 04:45 . 2013-07-09 04:45    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-07-09 04:45 . 2013-07-09 04:45    235008    ----a-w-    c:\windows\system32\url.dll
2013-07-09 04:45 . 2013-07-09 04:45    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-07-09 04:45 . 2013-07-09 04:45    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-07-09 04:45 . 2013-07-09 04:45    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-07-09 04:45 . 2013-07-09 04:45    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-07-09 04:45 . 2013-07-09 04:45    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-07-09 04:45 . 2013-07-09 04:45    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-09 04:45 . 2013-07-09 04:45    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-07-09 04:45 . 2013-07-09 04:45    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-07-09 04:45 . 2013-07-09 04:45    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-09 04:45 . 2013-07-09 04:45    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-07-09 04:45 . 2013-07-09 04:45    149504    ----a-w-    c:\windows\system32\occache.dll
2013-07-09 04:45 . 2013-07-09 04:45    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-07-09 04:45 . 2013-07-09 04:45    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-07-09 04:45 . 2013-07-09 04:45    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-07-09 04:45 . 2013-07-09 04:45    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-07-09 04:45 . 2013-07-09 04:45    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-07-09 04:45 . 2013-07-09 04:45    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-07-09 04:45 . 2013-07-09 04:45    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-07-09 04:45 . 2013-07-09 04:45    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-07-09 04:45 . 2013-07-09 04:45    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-07-09 04:45 . 2013-07-09 04:45    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-07-09 04:45 . 2013-07-09 04:45    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-07-09 04:45 . 2013-07-09 04:45    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-09 04:45 . 2013-07-09 04:45    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-07-09 04:45 . 2013-08-14 16:23    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-08 16:48 . 2013-07-08 15:43    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2013-07-07 02:59 . 2013-05-02 13:25    378944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-07-07 02:59 . 2013-05-02 13:25    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-07-07 02:59 . 2013-05-02 13:25    1030952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-06-07 15:36 . 2013-06-07 15:36    260    ----a-w-    c:\windows\SysWow64\cmdVBS.vbs
2013-06-07 15:36 . 2013-06-07 15:36    256    ----a-w-    c:\windows\SysWow64\MSIevent.bat
2013-06-05 03:34 . 2013-07-10 16:24    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 13:15 . 2013-06-04 13:15    103448    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2013-06-04 13:15 . 2013-06-04 13:15    203672    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2013-06-04 06:00 . 2013-07-10 16:24    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 16:24    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2011-01-18 08:53 . 2011-01-18 08:53    2994688    ----a-w-    c:\program files (x86)\openofficeorg33.msi
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-06-13 13:37    1020936    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-06-13 13:37    1020936    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-06-13 13:37    1020936    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-06-13 1066504]
.
c:\users\USER 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OpenDNSCrypt.lnk - c:\windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_60ADE4ADDDB9C7178BB901.exe [2013-6-7 4710]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0Secunia PSI Tray\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"UpdReg"=c:\windows\UpdReg.EXE
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxeaserv.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
R3 DNSCrypt;OpenDNSCrypt;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe;c:\program files\DebugDiag\DbgSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe;c:\windows\SYSNATIVE\lxeacoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 19:03    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 03:27]
.
2013-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-09 01:58]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-09 01:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-06-13 13:26    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-06-13 13:26    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-06-13 13:26    1294344    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2013-01-23 772712]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2013-01-23 150264]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: verizon.net\activate
Trusted Zone: verizon.net\activatemydsl
Trusted Zone: verizon.net\activatemyfios
Trusted Zone: verizon.net\activatemyhsi
Trusted Zone: verizon.net\activatemywifi
Trusted Zone: verizon.net\wbadownload
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F05C40B3-B398-43AB-B672-737E6F5D766A}: NameServer = 208.67.220.220,208.67.222.222
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?hl=en&tab=wn
FF - ExtSQL: 2013-07-15 17:56; isreaditlater@ideashower.com; c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\isreaditlater@ideashower.com
FF - ExtSQL: 2013-07-29 02:40; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2013-08-01 10:23; jid1-F9UJ2thwoAm5gQ@jetpack; c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF - ExtSQL: 2013-08-01 10:56; troubleshooter@mozilla.org; c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\troubleshooter@mozilla.org.xpi
FF - ExtSQL: 2013-08-15 21:52; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
Completion time: 2013-08-28  01:38:43
ComboFix-quarantined-files.txt  2013-08-28 05:38
ComboFix2.txt  2013-08-21 04:31
.
Pre-Run: 771,918,073,856 bytes free
Post-Run: 771,651,612,672 bytes free
.
- - End Of File - - 225A9B2EC82F30387634BE53CA929A92
 

=================================

ComboFix Quarantined entries

 

2013-08-27 05:03:32 . 2013-08-23 22:16:08           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll.vir
2013-08-27 05:03:31 . 2013-08-13 16:12:26           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll.vir
2013-08-27 05:03:30 . 2013-08-12 15:22:14           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll.vir
2013-08-27 05:03:30 . 2013-08-09 16:16:13           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll.vir
2013-08-27 05:03:28 . 2013-08-09 16:03:43           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll.vir
2013-08-27 05:03:28 . 2013-08-09 15:29:27           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll.vir
2013-08-27 05:03:27 . 2013-08-08 22:23:18           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll.vir
2013-08-27 05:03:26 . 2013-08-05 15:41:28           49,912 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll.vir
2013-08-21 04:31:32 . 2013-08-21 04:31:32                0 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-08-21 04:29:56 . 2013-08-21 04:29:56              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-08-21 04:29:53 . 2013-08-21 04:29:53              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-CleanHlp.sys.reg.dat
2013-08-21 04:29:53 . 2013-08-21 04:29:53              542 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-CleanHlp.reg.dat
2013-08-21 04:19:18 . 2013-08-28 05:32:38            7,044 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-08-21 04:13:56 . 2013-08-28 05:27:08              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log

=================================

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ef1b42a0651462458b5bf3a9a4200f91
# engine=14938
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-29 03:18:40
# local_time=2013-08-29 11:18:40 (-0500, Eastern Daylight Time)

# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777214 85 91 317297 153581392 0 0
# compatibility_mode=5893 16776573 100 94 0 129332970 0 0
# scanned=284070
# found=1
# cleaned=1
# scan_time=30697
sh=D4E9C30E1FA128D051280FC519FDB3390D5CB92C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application (deleted - quarantined)" ac=C fn="E:\OWNER-PC\Backup Set 2013-05-23 003219\Backup Files 2013-05-23 123430\Backup files 4.zip"


Edited by pandabird, 29 August 2013 - 09:49 PM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,538 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:14 AM

Posted 30 August 2013 - 08:15 AM

When all is well you can reinstall Social Fixer.
http://socialfixer.com/

It may then give you a chance to find out if it's causing you any grief.
===

The ComboFix quarantine folder will be deleted when we do the cleanup.

===

What problem persists on this computer?

#13 pandabird

pandabird
  • Topic Starter

  • Members
  • 169 posts
  • Gender:Male
  • Local time:10:14 AM

Posted 30 August 2013 - 09:37 PM

So far, everything seems fine with my computer now. SAFE-MODE with networking was fixed. We did a comprehensive job in re-checking my computer for malware put on it.

 

I never had problems with Social Fixer add-on. I think that it is a good application to make using Facebook easier. Are you aware of problems with this Social Fixer application?

 

My only problem now is I need to re-configure my Windows Firewall which no longer gives a "PASS" report on the Gibson grc.com website as it allows a "ping" to be detected. I do not know if the Tweaking Windows Repair programs, that were run in my previous malware assist here this past June, affected that. I have posted for help on another forum regarding this but I am still awaiting a solution. If you have any advice please let me know.

 

Thanks for your assistance.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,538 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:14 AM

Posted 31 August 2013 - 08:39 AM

I never had problems with Social Fixer add-on. I think that it is a good application to make using Facebook easier. Are you aware of problems with this Social Fixer application?

No!
I will inform the owner of the AdwCleaner tool of this. Thank you.
===

When all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time they are not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#15 pandabird (Topic Starter)

Posted 11 September 2013 - 10:38 PM

All is fine. Let's close this thread. Thank you for your assistance.