Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer infected with unknown malware


  • This topic is locked This topic is locked
32 replies to this topic

#1 Retvan

Retvan

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 21 October 2013 - 04:50 AM

I'm working with another computer that I believe is infected with malware of some sort, though what malware specifically I cannot identify. My reasons for this belief are that the computer cannot shut down properly (it will take about 5 minutes to get out of the logging out screen, and will remain on the shutting down screen indefinitely unless force booted), cannot access existing antivirus programs that it claims are running, states that conflicting firewalls that have not been installed are both turned off while the installed firewall is working, and dds.com fails to complete its analysis outside of safe mode (<40 minutes stalling out at 2/3rds mark). In safe mode the computer works fine, and so the dds log here is from safe mode. DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2 Run by S at 6:14:22 on 2013-10-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.3152 [GMT -7:00] . AV: EarthLink Protection Control Center *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: EarthLink Protection Control Center *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.com/ uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=273612093906l0328z1i5t4711w114 uProxyOverride = *.dimdimsecure.com;*.local uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll uURLSearchHooks: : {00A6FAF6-072E-44cf-8957-5838F569A31D} - mURLSearchHooks: Mapit 1 Toolbar: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - mWinlogon: Userinit = userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe uRun: [Google Update] "C:\Users\S\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe mRun: [RMAlert] "C:\Program Files (x86)\Registry Mechanic\Alert.exe" /PRODUCT=RM /R mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" mRun: [BounceBack Setup] "C:\Program Files (x86)\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\S\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\S\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BOUNCE~1.LNK - C:\Program Files (x86)\CMS Peripherals\BounceBack Express\BBLauncher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Dimdim.lnk - C:\Program Files (x86)\Dimdim\Plugin\Application\Dimdim.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: &Search - IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{9BE9164A-2FA7-45A1-AD41-5DEE849DE6F0} : NameServer = 86.51.35.24 86.51.34.24 TCP: Interfaces\{D9B80372-5867-4349-875E-38EA57F2D0CA} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{E7404235-8FED-44D2-941B-FF3093F30F26} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{E7404235-8FED-44D2-941B-FF3093F30F26}\1414347457563747 : DHCPNameServer = 68.94.156.1 68.94.157.1 TCP: Interfaces\{E7404235-8FED-44D2-941B-FF3093F30F26}\14D696E616D235169646 : DHCPNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{E7404235-8FED-44D2-941B-FF3093F30F26}\2456C6B696E6F5E4B2F5446333144334 : DHCPNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{E7404235-8FED-44D2-941B-FF3093F30F26}\25F6467656277237D27657563747 : DHCPNameServer = 10.82.228.80 TCP: Interfaces\{E7404235-8FED-44D2-941B-FF3093F30F26}\84F4D454D293335423 : DHCPNameServer = 75.75.75.75 75.75.76.76 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - x64-mSearchAssistant = hxxp://www.google.com/ie x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - . ============= SERVICES / DRIVERS =============== . R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2013-7-22 49752] S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576] S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016] S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-9-25 844320] S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496] S2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-1-12 517632] S2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592] S2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe [2010-7-30 28762] S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-9-16 583640] S2 Protection Control Center Task Manager;Protection Control Center Task Manager;C:\PROGRA~2\EARTHL~1\PROTEC~1\MxTask.exe -Service --> C:\PROGRA~2\EARTHL~1\PROTEC~1\MxTask.exe -Service [?] S2 SBAMSvc;Protection Control Center;C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe [2010-10-11 2763080] S2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2010-6-14 64600] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-21 240160] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S3 dfmirage;dfmirage;C:\Windows\System32\drivers\dfmirage.sys [2009-3-28 36432] S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2011-11-3 243200] S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2011-11-3 114304] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-9-25 138752] S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480] S3 KFilter;KFilter;C:\PROGRA~2\EARTHL~1\PROTEC~1\KFilter.sys [2013-7-22 48352] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-9-25 5435904] S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432] S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-21 216064] S3 TFilter;TFilter;C:\PROGRA~2\EARTHL~1\PROTEC~1\TFilter.sys [2013-7-22 40112] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736] . =============== File Associations =============== . FileExt: .txt: txt_auto_file="C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde [default=edit - 'Open' doesn't exist] . =============== Created Last 30 ================ . 2013-10-17 15:42:06 -------- d-sh--w- C:\found.001 2013-10-17 04:37:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-10-17 02:34:49 -------- d-sh--w- C:\found.000 2013-10-16 21:08:25 -------- d-----w- C:\Users\S\AppData\Roaming\Malwarebytes 2013-10-16 21:08:18 -------- d-----w- C:\ProgramData\Malwarebytes 2013-10-16 21:08:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-14 21:11:19 -------- d-----w- C:\Users\S\AppData\Local\QuickenWindow 2013-10-11 10:17:53 -------- d-----w- C:\81da3572ca147f76028d 2013-10-10 17:49:34 -------- d-----w- C:\Program Files\McAfee Security Scan 2013-10-08 05:21:34 -------- d-----w- C:\Users\S\AppData\Local\Intuit 2013-10-08 05:19:02 -------- d-----w- C:\Users\S\AppData\Local\IsolatedStorage 2013-10-08 04:19:17 4200744 ----a-w- C:\Windows\SysWow64\cdintf400.dll 2013-09-28 07:35:43 -------- d-----w- C:\Program Files (x86)\AnyMeeting Plug-in . ==================== Find3M ==================== . 2013-10-09 02:18:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-09 02:18:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll 2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll 2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll 2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll 2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll 2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll 2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys 2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll 2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys 2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL . ============= FINISH: 6:16:57.04 ===============

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:14 AM

Posted 23 October 2013 - 09:20 PM

Please attach the logs or make sure word wrap is off in Notepad as all the lines are run together making the log impossible to read.

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Retvan

Retvan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 25 October 2013 - 05:46 AM

Attached File  Addition.txt   28.12KB   1 downloads

Managed to get this to run in normal mode, so that's good.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by S (administrator) on S-ACER on 25-10-2013 01:41:48
Running from C:\Users\S\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(MyWebSearch.com) C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Avanquest Software) C:\PROGRA~2\EARTHL~1\PROTEC~1\MxTask.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Avanquest Software) C:\PROGRA~2\EARTHL~1\PROTEC~1\mxtask2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Sunbelt Software) C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dropbox, Inc.) C:\Users\S\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\PROGRA~2\HP\DIGITA~1\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\McUicnt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2009-09-25] ()
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-07] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [QuickenScheduledUpdates] - C:\Program Files (x86)\Quicken\bagent.exe [77096 2013-09-23] (Intuit Inc.)
HKCU\...\Run: [Google Update] - C:\Users\S\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-06-27] (Google Inc.)
HKCU\...\Run: [DW7] - "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MountPoints2: {c532dad4-689d-11e0-a06d-00262d501688} - E:\LaunchU3.exe -a
MountPoints2: {ca3e7714-f73b-11e0-90ee-00262d501688} - E:\AutoRun.exe
MountPoints2: {ca3e7726-f73b-11e0-90ee-00262d501688} - E:\AutoRun.exe
MountPoints2: {cde89ee2-711c-11e0-a161-00262d501688} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [SSDMonitor] - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-05] (PC Tools)
HKLM-x32\...\Run: [RMAlert] - C:\Program Files (x86)\Registry Mechanic\Alert.exe [1016792 2010-08-05] (PC Tool)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PlayMovie] - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [My Web Search Bar Search Scope Monitor] - C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe [28783 2010-07-30] (MyWebSearch.com)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-08-27] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [BounceBack Setup] - "C:\Program Files (x86)\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] - C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
HKU\HomeGroupUser$\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-08] ()
Startup: C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\S\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=273612093906l0328z1i5t4711w114
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1        plugin.dimdimsecure.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9BE9164A-2FA7-45A1-AD41-5DEE849DE6F0}: [NameServer]86.51.35.24 86.51.34.24

FireFox:
========
FF ProfilePath: C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\2afvr1kj.default
FF user.js: detected! => C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\2afvr1kj.default\user.js
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://daylily.com/cgi-bin/auction.cgi
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cnw.com/cnwplugin - C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll (AnyMeeting, Inc.)
FF Plugin-x32: @dimdim.com/DimdimPlugin - C:\Program Files (x86)\Dimdim\Plugin\Application\npDimDimControl.dll (Dimdim, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @mywebsearch.com/Plugin - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @banckle.com/ScreenCapPlugin - C:\Program Files (x86)\Banckle Online Meeting\npBanckleRSPClient.dll ( )
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\S\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\S\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\S\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\S\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\S\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\S\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\S\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\2afvr1kj.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\2afvr1kj.default\searchplugins\tinkersgardenscom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\2afvr1kj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: PDF Download - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\2afvr1kj.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\2afvr1kj.default\Extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF Extension: My Web Search - C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com", "hxxp://mysearch.avg.com/?cid={EEFA85A7-2C68-48BA-A647-A3B635789200}&mid=564399c6306547d3aa42d16f6bb4ff7b-d77ed5c76ab551a8088cacc97627d828aa358145&lang=en&ds=oc011&pr=sa&d=2013-08-05 23:11:56&v=15.4.0.5&pid=safeguard&sg=0&sap=hp"
CHR Plugin: (Shockwave Flash) - C:\Users\S\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\S\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\S\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\S\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\S\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Banckle Screen Capture Client 1.0.0.4) - C:\Program Files (x86)\Banckle Online Meeting\npBanckleRSPClient.dll ( )
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (Dimdim NPRuntime Plugin for Netscape browsers) - C:\Program Files (x86)\Dimdim\Plugin\Application\npDimDimControl.dll (Dimdim, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\S\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Translate) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0
CHR Extension: (Google Drive) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (AdBlock) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (spring time) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgijfekckahamekahpcobaaniifadhl\1_0
CHR Extension: (DVDVideoSoft) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\S\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR StartMenuInternet: Google Chrome - C:\Users\S\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-07] (Egis Technology Inc.)
R2 MyWebSearchService; C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe [28762 2010-07-30] (MyWebSearch.com)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
R2 Protection Control Center Task Manager; C:\PROGRA~2\EARTHL~1\PROTEC~1\MxTask.exe [356792 2013-05-31] (Avanquest Software)
R2 SBAMSvc; C:\Program Files (x86)\Common Files\Antivirus\SBAMSvc.exe [2763080 2010-10-11] (Sunbelt Software)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2009-03-28] (DemoForge, LLC)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 KFilter; C:\PROGRA~2\EARTHL~1\PROTEC~1\KFilter.sys [48352 2013-05-31] ()
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [64600 2010-06-14] (Sunbelt Software)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)
R1 SBRE; C:\Windows\SysWow64\drivers\SBREdrv.sys [98392 2010-05-13] (Sunbelt Software)
R3 TFilter; C:\PROGRA~2\EARTHL~1\PROTEC~1\TFilter.sys [40112 2013-05-31] ()
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2013-10-25 01:31 - 2013-10-25 01:31 - 00000000 ____D C:\FRST
2013-10-25 00:49 - 2013-10-25 00:49 - 00000476 _____ C:\Users\S\Desktop\defogger_disable.log
2013-10-25 00:49 - 2013-10-25 00:49 - 00000000 _____ C:\Users\S\defogger_reenable
2013-10-24 20:20 - 2013-10-24 05:15 - 00050477 _____ C:\Users\S\Desktop\Defogger.exe
2013-10-24 05:10 - 2013-10-24 04:55 - 01955412 _____ (Farbar) C:\Users\S\Desktop\FRST64.exe
2013-10-21 10:07 - 2013-10-21 10:07 - 00457736 _____ C:\Windows\Minidump\102113-123833-01.dmp
2013-10-18 00:37 - 2013-10-20 06:19 - 00020492 _____ C:\Users\S\Desktop\dds.txt
2013-10-18 00:37 - 2013-10-20 06:17 - 00033648 _____ C:\Users\S\Desktop\attach.txt
2013-10-18 00:31 - 2013-10-18 00:31 - 00688992 ____R (Swearware) C:\Users\S\Desktop\dds.com
2013-10-17 08:42 - 2013-10-17 08:42 - 00000000 __SHD C:\found.001
2013-10-16 21:37 - 2013-10-16 21:37 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 21:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-16 21:34 - 2013-10-16 21:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\S\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-16 19:34 - 2013-10-16 19:34 - 00000000 __SHD C:\found.000
2013-10-16 14:08 - 2013-10-16 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-16 14:08 - 2013-10-16 14:08 - 00000000 ____D C:\Users\S\AppData\Roaming\Malwarebytes
2013-10-16 14:08 - 2013-10-16 14:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-14 14:11 - 2013-10-14 14:11 - 00000000 ____D C:\Users\S\AppData\Local\QuickenWindow
2013-10-12 10:41 - 2013-09-22 16:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-12 10:41 - 2013-09-22 16:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-12 10:41 - 2013-09-22 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-12 10:41 - 2013-09-22 15:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-12 10:41 - 2013-09-22 15:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-12 10:41 - 2013-09-22 15:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-12 10:41 - 2013-09-22 15:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-12 10:41 - 2013-09-22 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-12 10:41 - 2013-09-20 20:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-12 10:41 - 2013-09-20 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-12 10:41 - 2013-09-20 19:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-12 10:41 - 2013-09-20 19:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 03:17 - 2013-10-11 03:17 - 00000000 ____D C:\81da3572ca147f76028d
2013-10-10 10:49 - 2013-10-10 10:49 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-10 10:49 - 2013-10-10 10:49 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-10 10:27 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 10:27 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 10:27 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 10:27 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 10:27 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 10:27 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 10:27 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 10:27 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 10:27 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 10:27 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 10:27 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 10:27 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 10:27 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 10:27 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 10:27 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 10:27 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 10:27 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 10:27 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 10:27 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 10:27 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 10:27 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 10:27 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 10:27 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:27 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:27 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 10:27 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 10:27 - 2013-07-12 03:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 10:27 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 10:27 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 10:27 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 10:27 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 10:27 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 10:27 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 10:27 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 10:27 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 10:27 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 10:27 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 10:27 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 10:27 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 10:27 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 10:27 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 10:27 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 10:27 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 10:27 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 10:27 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 10:27 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 10:27 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 10:27 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-07 22:21 - 2013-10-07 22:21 - 00000000 ____D C:\Users\S\AppData\Local\Intuit
2013-10-07 22:19 - 2013-10-07 22:19 - 00000000 ____D C:\Users\S\AppData\Local\IsolatedStorage
2013-10-07 21:19 - 2013-10-07 21:19 - 00001806 _____ C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
2013-10-07 21:19 - 2013-10-07 21:19 - 00000329 _____ C:\Users\Public\Desktop\View Credit Score.url
2013-10-07 21:19 - 2013-09-23 21:23 - 04200744 _____ (Amyuni Technologies
2013-10-07 21:06 - 2013-10-07 21:07 - 112168720 _____ (Intuit Inc.                                                 ) C:\Users\S\Downloads\Quicken_Deluxe_2014.exe
2013-09-28 00:35 - 2013-09-28 00:35 - 00000000 ____D C:\Program Files (x86)\AnyMeeting Plug-in

==================== One Month Modified Files and Folders =======

2013-10-25 01:39 - 2009-09-25 10:07 - 01669404 _____ C:\Windows\WindowsUpdate.log
2013-10-25 01:31 - 2013-10-25 01:31 - 00000000 ____D C:\FRST
2013-10-25 01:27 - 2010-06-27 15:58 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87726530-948991245-2457579746-1001UA.job
2013-10-25 01:27 - 2010-06-27 15:58 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87726530-948991245-2457579746-1001Core.job
2013-10-25 01:18 - 2012-10-11 13:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-25 01:10 - 2011-07-14 15:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-25 00:49 - 2013-10-25 00:49 - 00000476 _____ C:\Users\S\Desktop\defogger_disable.log
2013-10-25 00:49 - 2013-10-25 00:49 - 00000000 _____ C:\Users\S\defogger_reenable
2013-10-25 00:49 - 2009-12-23 13:53 - 00000000 ____D C:\Users\S
2013-10-24 22:02 - 2012-03-22 21:58 - 00000406 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-10-24 18:00 - 2010-09-16 18:49 - 00000298 _____ C:\Windows\Tasks\next.job
2013-10-24 10:10 - 2011-07-14 15:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-24 05:21 - 2010-09-20 15:23 - 00009333 _____ C:\Users\S\AppData\Roaming\Tab Separated Values (Windows).EML
2013-10-24 05:15 - 2013-10-24 20:20 - 00050477 _____ C:\Users\S\Desktop\Defogger.exe
2013-10-24 04:55 - 2013-10-24 05:10 - 01955412 _____ (Farbar) C:\Users\S\Desktop\FRST64.exe
2013-10-23 23:37 - 2012-10-17 14:42 - 00016896 ___SH C:\Users\S\Thumbs.db
2013-10-23 14:42 - 2009-07-13 21:45 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 14:42 - 2009-07-13 21:45 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 14:37 - 2011-01-23 00:31 - 00000000 ____D C:\Users\S\AppData\Roaming\Dropbox
2013-10-23 14:36 - 2011-01-23 00:41 - 00000000 ___RD C:\Users\S\Dropbox
2013-10-23 14:33 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 14:33 - 2009-07-13 21:51 - 00151979 _____ C:\Windows\setupact.log
2013-10-21 10:07 - 2013-10-21 10:07 - 00457736 _____ C:\Windows\Minidump\102113-123833-01.dmp
2013-10-21 10:07 - 2010-04-08 10:44 - 00000000 ____D C:\Windows\Minidump
2013-10-21 10:05 - 2010-04-08 10:44 - 512994644 _____ C:\Windows\MEMORY.DMP
2013-10-20 22:17 - 2007-12-31 08:24 - 00000000 ___DC C:\Users\S\Documents\Bilal
2013-10-20 22:10 - 2008-02-27 08:11 - 00000000 ___DC C:\Users\S\Documents\Threshold
2013-10-20 21:55 - 2008-12-24 11:38 - 00000000 ___DC C:\Users\S\Documents\Sufism
2013-10-20 21:49 - 2013-02-13 19:20 - 00000000 ____D C:\Users\S\Desktop\from recorder
2013-10-20 21:49 - 2009-12-25 01:25 - 00000000 ___RD C:\Users\S\Desktop\unused desktop stuff
2013-10-20 06:19 - 2013-10-18 00:37 - 00020492 _____ C:\Users\S\Desktop\dds.txt
2013-10-20 06:17 - 2013-10-18 00:37 - 00033648 _____ C:\Users\S\Desktop\attach.txt
2013-10-18 00:31 - 2013-10-18 00:31 - 00688992 ____R (Swearware) C:\Users\S\Desktop\dds.com
2013-10-17 13:58 - 2009-08-22 15:18 - 00899210 _____ C:\Windows\PFRO.log
2013-10-17 13:56 - 2010-05-09 11:13 - 00000000 ____D C:\Program Files (x86)\FunWebProducts
2013-10-17 08:42 - 2013-10-17 08:42 - 00000000 __SHD C:\found.001
2013-10-16 21:37 - 2013-10-16 21:37 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-16 21:37 - 2013-10-16 14:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-16 21:35 - 2013-10-16 21:34 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\S\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-16 20:21 - 2013-07-31 10:49 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-16 20:21 - 2013-05-25 12:17 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-16 20:21 - 2013-05-25 12:17 - 00000000 ____D C:\Program Files\iTunes
2013-10-16 20:21 - 2013-05-25 12:17 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-16 20:21 - 2012-03-22 22:01 - 00000000 ____D C:\Users\S\AppData\Roaming\FreeFileViewer
2013-10-16 20:21 - 2010-09-16 01:16 - 00000000 ____D C:\Program Files (x86)\Registry Mechanic
2013-10-16 20:21 - 2009-12-24 00:47 - 00000000 ____D C:\Users\HomeGroupUser$
2013-10-16 20:21 - 2009-08-21 22:41 - 00000000 ____D C:\Program Files\Google
2013-10-16 20:21 - 2009-08-21 22:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-16 20:21 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2013-10-16 20:21 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-16 20:21 - 2007-10-08 00:01 - 00000000 ___DC C:\BounceBack
2013-10-16 20:20 - 2013-05-25 12:17 - 00000000 ____D C:\Program Files\iPod
2013-10-16 20:20 - 2009-12-24 06:20 - 00000000 ____D C:\ProgramData\Apple Computer
2013-10-16 20:20 - 2009-12-23 22:59 - 00000000 ____D C:\Users\S\AppData\Local\Google
2013-10-16 20:20 - 2009-08-22 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-16 20:20 - 2009-08-21 22:40 - 00000000 ____D C:\ProgramData\Google
2013-10-16 19:34 - 2013-10-16 19:34 - 00000000 __SHD C:\found.000
2013-10-16 14:08 - 2013-10-16 14:08 - 00000000 ____D C:\Users\S\AppData\Roaming\Malwarebytes
2013-10-16 14:08 - 2013-10-16 14:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-16 01:56 - 2007-12-31 08:24 - 00000000 ___DC C:\Users\S\Documents\Flourishing
2013-10-14 23:11 - 2009-12-30 12:53 - 00000000 ____D C:\Dell flourishing
2013-10-14 20:16 - 2010-01-01 00:02 - 00000000 ____D C:\ProgramData\Intuit
2013-10-14 14:11 - 2013-10-14 14:11 - 00000000 ____D C:\Users\S\AppData\Local\QuickenWindow
2013-10-13 07:00 - 2009-08-22 15:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-13 06:57 - 2012-05-13 07:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 06:57 - 2012-05-13 07:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-12 11:27 - 2009-07-13 21:45 - 02301752 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 23:14 - 2013-07-22 18:15 - 00000000 ___HD C:\_Backup
2013-10-11 12:10 - 2011-02-16 15:56 - 00000000 ____D C:\Users\S\Documents\Financial
2013-10-11 10:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 10:03 - 2009-07-13 22:13 - 00730532 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 03:17 - 2013-10-11 03:17 - 00000000 ____D C:\81da3572ca147f76028d
2013-10-11 03:10 - 2013-07-23 15:12 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 03:05 - 2009-12-25 00:51 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-11 01:21 - 2010-06-27 15:58 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-87726530-948991245-2457579746-1001UA
2013-10-11 01:21 - 2010-06-27 15:58 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-87726530-948991245-2457579746-1001Core
2013-10-11 01:04 - 2011-06-30 22:54 - 00000000 ____D C:\Users\S\Documents\Pinole
2013-10-10 10:49 - 2013-10-10 10:49 - 00001935 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-10 10:49 - 2013-10-10 10:49 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-09 10:05 - 2011-07-14 15:46 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 10:05 - 2011-07-14 15:46 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-08 19:18 - 2012-10-11 13:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 19:18 - 2012-10-11 13:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 19:18 - 2011-06-27 10:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-07 22:21 - 2013-10-07 22:21 - 00000000 ____D C:\Users\S\AppData\Local\Intuit
2013-10-07 22:19 - 2013-10-07 22:19 - 00000000 ____D C:\Users\S\AppData\Local\IsolatedStorage
2013-10-07 21:57 - 2010-01-01 00:04 - 00000000 ____D C:\Users\S\Documents\Quicken
2013-10-07 21:19 - 2013-10-07 21:19 - 00001806 _____ C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
2013-10-07 21:19 - 2013-10-07 21:19 - 00000329 _____ C:\Users\Public\Desktop\View Credit Score.url
2013-10-07 21:19 - 2010-01-01 00:03 - 00000171 _____ C:\Windows\Quicken.ini
2013-10-07 21:19 - 2010-01-01 00:02 - 00000000 ____D C:\Program Files (x86)\Quicken
2013-10-07 21:07 - 2013-10-07 21:06 - 112168720 _____ (Intuit Inc.                                                 ) C:\Users\S\Downloads\Quicken_Deluxe_2014.exe
2013-10-03 12:27 - 2008-09-16 21:38 - 00000000 ___DC C:\Users\S\Documents\Rumi
2013-09-28 18:07 - 2010-07-24 23:26 - 00000000 ____D C:\Users\S\AppData\Roaming\Skype
2013-09-28 11:39 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-28 00:35 - 2013-09-28 00:35 - 00000000 ____D C:\Program Files (x86)\AnyMeeting Plug-in
2013-09-26 23:50 - 2009-12-24 01:30 - 00000000 ____D C:\Users\S\AppData\Roaming\Mozilla

Files to move or delete:
====================
C:\Users\Public\AdobeAIRInstaller.exe


Some content of TEMP:
====================
C:\Users\S\AppData\Local\Temp\AskSLib.dll
C:\Users\S\AppData\Local\Temp\bing.exe
C:\Users\S\AppData\Local\Temp\converter.exe
C:\Users\S\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\S\AppData\Local\Temp\elnk_pcc_install3.exe
C:\Users\S\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\S\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\S\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\S\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\S\AppData\Local\Temp\MvtApp.exe
C:\Users\S\AppData\Local\Temp\oi_{396A0F66-E445-4065-A7D9-D8EC753775FA}.exe
C:\Users\S\AppData\Local\Temp\RDVAlert.exe
C:\Users\S\AppData\Local\Temp\ResetDevice.exe
C:\Users\S\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\S\AppData\Local\Temp\SkypeSetup.exe
C:\Users\S\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\S\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\S\AppData\Local\Temp\vcredist_2008_SP1_x64.exe
C:\Users\S\AppData\Local\Temp\vcredist_2008_SP1_x86.exe
C:\Users\S\AppData\Local\Temp\vcredist_2010_SP1_x64.exe
C:\Users\S\AppData\Local\Temp\vcredist_2010_SP1_x86.exe
C:\Users\S\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 06:05

==================== End Of Log ============================
 

Attached Files



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:14 AM

Posted 25 October 2013 - 11:00 AM

Please run the following:

Download attached fixlist.txt file and save it to the Desktop.

Attached File  FixList.txt   3.12KB   1 downloads

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Retvan

Retvan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 25 October 2013 - 10:30 PM

I ran fix twice, since it deleted the fixlist file and so I thought I hadn't put it there the first time. Here's the fixlog from the second run.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by S at 2013-10-25 20:15:46 Run:2
Running from C:\Users\S\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(MyWebSearch.com) C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [My Web Search Bar Search Scope Monitor] - C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe [28783 2010-07-30] (MyWebSearch.com)
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} -  No File
Toolbar: HKLM-x32 - My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin-x32: @mywebsearch.com/Plugin - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
FF SearchPlugin: C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\2afvr1kj.default\searchplugins\mywebsearch.xml
FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF Extension: My Web Search - C:\Program Files (x86)\MyWebSearch\bar\2.bin
C:\Program Files (x86)\MyWebSearch
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
R2 MyWebSearchService; C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe [28762 2010-07-30] (MyWebSearch.com)
2013-10-17 13:56 - 2010-05-09 11:13 - 00000000 ____D C:\Program Files (x86)\FunWebProducts
C:\Users\Public\AdobeAIRInstaller.exe
C:\Users\S\AppData\Local\Temp\AskSLib.dll
C:\Users\S\AppData\Local\Temp\bing.exe
C:\Users\S\AppData\Local\Temp\converter.exe
C:\Users\S\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\S\AppData\Local\Temp\elnk_pcc_install3.exe
C:\Users\S\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\S\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\S\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\S\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\S\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\S\AppData\Local\Temp\MvtApp.exe
C:\Users\S\AppData\Local\Temp\oi_{396A0F66-E445-4065-A7D9-D8EC753775FA}.exe
C:\Users\S\AppData\Local\Temp\RDVAlert.exe
C:\Users\S\AppData\Local\Temp\ResetDevice.exe
C:\Users\S\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\S\AppData\Local\Temp\SkypeSetup.exe
C:\Users\S\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\S\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\S\AppData\Local\Temp\vcredist_2008_SP1_x64.exe
C:\Users\S\AppData\Local\Temp\vcredist_2008_SP1_x86.exe
C:\Users\S\AppData\Local\Temp\vcredist_2010_SP1_x64.exe
C:\Users\S\AppData\Local\Temp\vcredist_2010_SP1_x86.exe
C:\Users\S\AppData\Local\Temp\ytb.exe
end

*****************

C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{00A6FAF6-072E-44cf-8957-5838F569A31D} => Value not found.
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => Value not found.
HKCR\Wow6432Node\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => Value not found.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin => Key not found.
C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll not found.
"C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\2afvr1kj.default\searchplugins\mywebsearch.xml" => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com => Value not found.
C:\Program Files (x86)\MyWebSearch\bar\2.bin not found.
"C:\Program Files (x86)\MyWebSearch" => File/Directory not found.
C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll not found.
MyWebSearchService => Service not found.
"C:\Program Files (x86)\FunWebProducts" => File/Directory not found.
"C:\Users\Public\AdobeAIRInstaller.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\AskSLib.dll" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\bing.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\converter.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\DataCard_Setup64.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\elnk_pcc_install3.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\MvtApp.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\oi_{396A0F66-E445-4065-A7D9-D8EC753775FA}.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\RDVAlert.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\ResetDevice.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\SearchWithGoogleUpdate.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\SkypeSetup.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\The_Weather_Channel_Application.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\UNINSTALL.EXE" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\vcredist_2008_SP1_x64.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\vcredist_2008_SP1_x86.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\vcredist_2010_SP1_x64.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\vcredist_2010_SP1_x86.exe" => File/Directory not found.
"C:\Users\S\AppData\Local\Temp\ytb.exe" => File/Directory not found.

==== End of Fixlog ====



#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:14 AM

Posted 25 October 2013 - 10:35 PM

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Retvan

Retvan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 26 October 2013 - 07:42 AM

ComboFix 13-10-26.01 - S 10/26/2013   4:55.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4025.2761 [GMT -7:00]
Running from: c:\users\S\Desktop\ComboFix.exe
AV: EarthLink Protection Control Center *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: EarthLink Protection Control Center *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LOG15.tmp
C:\LOG4C.tmp
C:\LOG54.tmp
C:\LOG70.tmp
C:\LOG76.tmp
C:\LOGC.tmp
c:\users\S\Documents\~WRL0188.tmp
c:\users\S\Documents\~WRL1482.tmp
c:\users\S\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-26 to 2013-10-26  )))))))))))))))))))))))))))))))
.
.
2013-10-26 12:12 . 2013-10-26 12:12    --------    d-----w-    c:\users\HomeGroupUser$\AppData\Local\temp
2013-10-26 12:12 . 2013-10-26 12:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-25 08:31 . 2013-10-25 08:31    --------    d-----w-    C:\FRST
2013-10-17 15:42 . 2013-10-17 15:42    --------    d-----w-    C:\found.001
2013-10-17 04:37 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-17 02:34 . 2013-10-17 02:34    --------    d-----w-    C:\found.000
2013-10-16 21:08 . 2013-10-16 21:08    --------    d-----w-    c:\users\S\AppData\Roaming\Malwarebytes
2013-10-16 21:08 . 2013-10-17 04:37    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-16 21:08 . 2013-10-16 21:08    --------    d-----w-    c:\programdata\Malwarebytes
2013-10-14 21:11 . 2013-10-14 21:11    --------    d-----w-    c:\users\S\AppData\Local\QuickenWindow
2013-10-11 10:17 . 2013-10-11 10:17    --------    d-----w-    C:\81da3572ca147f76028d
2013-10-10 17:49 . 2013-10-10 17:49    --------    d-----w-    c:\program files\McAfee Security Scan
2013-10-08 05:21 . 2013-10-08 05:21    --------    d-----w-    c:\users\S\AppData\Local\Intuit
2013-10-08 05:19 . 2013-10-08 05:19    --------    d-----w-    c:\users\S\AppData\Local\IsolatedStorage
2013-10-08 04:19 . 2013-09-24 04:23    4200744    ----a-w-    c:\windows\SysWow64\cdintf400.dll
2013-09-28 07:35 . 2013-09-28 07:35    --------    d-----w-    c:\program files (x86)\AnyMeeting Plug-in
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 10:05 . 2009-12-25 07:51    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-10-09 02:18 . 2012-10-11 20:18    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 02:18 . 2011-06-27 17:54    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-29 01:48 . 2013-10-10 17:27    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-12 06:40    155584    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-12 06:40    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-12 06:40    424448    ----a-w-    c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-12 06:40    1161216    ----a-w-    c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-12 06:40    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-12 06:40    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:39    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-12 06:40    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-12 06:40    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:39    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-12 06:40    338432    ----a-w-    c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-12 06:40    112640    ----a-w-    c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-12 06:40    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 06:40    6144    ---ha-w-    c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 06:40    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-12 06:40    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-07-26 01:18    277512    ----a-w-    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\S\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\S\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\S\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18    120104    ------w-    c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2013-09-24 77096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"RMAlert"="c:\program files (x86)\Registry Mechanic\Alert.exe" [2010-08-05 1016792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-08-27 135536]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\S\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - c:\program files (x86)\CMS Peripherals\BounceBack Express\BBLauncher.exe [2010-2-5 98304]
Dimdim.lnk - c:\program files (x86)\Dimdim\Plugin\Application\Dimdim.exe 34567 startup [2010-11-11 664360]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Protection Control Center Task Manager;Protection Control Center Task Manager;c:\progra~2\EARTHL~1\PROTEC~1\MxTask.exe;c:\progra~2\EARTHL~1\PROTEC~1\MxTask.exe [x]
R2 SBAMSvc;Protection Control Center;c:\program files (x86)\Common Files\Antivirus\SBAMSvc.exe;c:\program files (x86)\Common Files\Antivirus\SBAMSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys;c:\windows\SYSNATIVE\DRIVERS\dfmirage.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 KFilter;KFilter;c:\progra~2\EARTHL~1\PROTEC~1\KFilter.sys;c:\progra~2\EARTHL~1\PROTEC~1\KFilter.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 TFilter;TFilter;c:\progra~2\EARTHL~1\PROTEC~1\TFilter.sys;c:\progra~2\EARTHL~1\PROTEC~1\TFilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 02:18]
.
2013-10-26 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-03-23 21:24]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 22:46]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 22:46]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87726530-948991245-2457579746-1001Core.job
- c:\users\S\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-27 22:58]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-87726530-948991245-2457579746-1001UA.job
- c:\users\S\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-27 22:58]
.
2013-10-26 c:\windows\Tasks\next.job
- c:\programdata\Dimdim\Updater\next.exe [2010-11-11 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-07-26 01:18    336904    ----a-w-    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\S\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19    137512    ------w-    c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-09-25 200704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-03 358912]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-03 159232]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-03 380928]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.dimdimsecure.com;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9BE9164A-2FA7-45A1-AD41-5DEE849DE6F0}: NameServer = 86.51.35.24 86.51.34.24
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
Wow6432Node-HKLM-Run-BounceBack Setup - c:\program files (x86)\CMS Peripherals\BounceBack Express\AppLaunch.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Mapit_1 Toolbar - c:\program files (x86)\Mapit_1\uninstall.exe
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-26  05:17:17
ComboFix-quarantined-files.txt  2013-10-26 12:17
.
Pre-Run: 224,357,908,480 bytes free
Post-Run: 301,677,805,568 bytes free
.
- - End Of File - - D5A9248BC0EC4690BCE8132D5DB5F4B7
5C616939100B85E558DA92B899A0FC36
 



#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:14 AM

Posted 26 October 2013 - 06:23 PM

looks better,

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Retvan

Retvan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 27 October 2013 - 02:29 AM

On restart after the adware scan/fix, the computer seemed to be running more slowly than after the JRT one (though that could well be due to the antivirus being back on). Adware cleaner appeared to produce two logs, an R0 and S0, so I'm attaching both to this post.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by S on Sat 10/26/2013 at 18:16:33.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_adobe-air_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_adobe-air_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_adobe-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_adobe-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_adobe-air_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_adobe-air_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_adobe-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_adobe-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\S\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\S\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\S\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\S\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\S\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\S\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\S\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\S\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\registry mechanic"
Successfully deleted: [Empty Folder] C:\Users\S\appdata\local\{346BB4FC-3E82-4EBE-8978-3FD08E20DB29}
Successfully deleted: [Empty Folder] C:\Users\S\appdata\local\{39A76598-BC98-4E5E-BA2C-65F5425A0D23}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\S\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/26/2013 at 18:23:00.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Attached Files



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:14 AM

Posted 27 October 2013 - 01:17 PM

yes, that will certainly be because of the antivirus, but that is normal.

Looks like those programs removed a lot of junk from the machine.

Please run the following:
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Retvan

Retvan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 28 October 2013 - 10:40 AM

Computer decided to get extra glitchy during this process, so going over what happened without log at the moment.

 

First tried to run MBAM full scan- that stalled out in program data at around 5 hours until the computer crashed. Quick scan found nothing (I'll attach the log later, but it was the standard no problems log).

 

Unfortunately, internet explorer (once I managed to get it to load, which took about 10 minutes by itself) managed to first hang on loading google.com for

half an hour and then hang on my attempting to type anything indefinitely, gradually leading into the rest of the machine entering a hang state and needing to be force booted. So I wasn't able to get anywhere near the second step.



#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:14 AM

Posted 28 October 2013 - 11:25 AM

Please run the following:

Please download Windows Repair (all in one) from here
  • Install the program then run it
  • Go to step 2 and allow it to run Disk check
  • Once that is done then go to step 3 and allow it to run SFC
    Capture.gif
  • On the the Start Repairs tab => Click the Start
    7fthj.png
  • Click on the select all check box and then click on Start
  • DON'T use the computer while each scan is in progress.
  • Restart may be needed to finish the repair procedure.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Retvan

Retvan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 31 October 2013 - 03:30 AM

I downloaded and went through the various steps of the tweaking repair- first time the computer crashed partway through it, second time it finished and I could restart. That did seem to fix the issues with restarting and shutting down the computer.

 

When I went back to the ESET and tried to run that, the first time it crashed the computer after detecting 34 items or so (toolbars, apparently- I wasn't able to get a report out, just what it showed onscreen). So I went ahead and ran a chkdsk on startup, to get at stuff that the tweaking chkdsk hadn't gotten- it found a file that wasn't indexed and one file that had bad sections and fixed those. Then I tried running ESET again. It made it to around 71% and found 38 items, and then crashed the computer again. After restarting the computer, I tried going back to ESET only for it to claim that the internet explorer I was accessing it on was not, in fact, internet explorer. Also, many programs seem to have a dialog when I try to open them saying that windows installer can't find the folder to install them- which sometimes lets me through to the program when I cancel out of it and sometimes does not.



#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:14 AM

Posted 31 October 2013 - 10:51 AM

Try this:

Please download the ESET services repair tool, extract the file to your desktop.
  • Double-click ServicesRepair.exe,
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • a log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Retvan

Retvan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:14 PM

Posted 31 October 2013 - 12:08 PM

MBAM quick log from earlier attached.

 

Log Opened: 2013-10-31 @ 09:43:43
09:43:43 - -----------------
09:43:43 - | Begin Logging |
09:43:43 - -----------------
09:43:43 - Fix started on a WIN_7 X64 computer
09:43:43 - Prep in progress.  Please Wait.
09:43:46 - Prep complete
09:43:46 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
09:43:48 - Services Repair Complete.
09:43:51 - Reboot Initiated
 

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users