Snap.do Removed but Snap.do Engine still in Programs


This topic is locked
26 replies to this topic

#1 jhcomputer

jhcomputer

  • Members
  • 12 posts

Posted 23 November 2013 - 11:52 AM

We have Windows Vista and got taken over by Snap.do. We have ESET Smart Security, which it seems could identify the problem but not remove it. I have run AdwCleaner, Junkware Removal Tool, and Malwarebytes Anti-Malware Cleanup Tool. In Programs, there were two things listed: Snap.do, which was using 22MB of space, and Snap.do Engine, which was not using any space. I was able to remove Snap.do from my programs, but Snap.do Engine is still there and I can't uninstall it. All of our internet browsers seem to be back to normal, including Mozilla Firefox, Chrome, and Internet Explorer. I want to make sure everything is gone and ideally get Snap.do Engine out of our programs.

 

Here is my DDS report:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by M HP at 9:15:44 on 2013-11-23
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3068.1096 [GMT -7:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Windows\ehome\ehtray.exe
C:\Users\McKnight HP\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Users\McKnight HP\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Users\McKnight HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
D:\Games\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PhotoshopElementsSyncAgent] c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsSyncAgent.exe
uRun: [Steam] "d:\games\steam.exe" -silent
uRun: [PCShowServer] "c:\users\mcknight hp\appdata\local\directv player\PCShowServerPMWrapper.exe"
uRun: [Google Update] "c:\users\mcknight hp\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [HLBackupScheduler] "c:\program files\verizon cloud\Verizon Cloud Service.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
StartupFolder: c:\users\mcknig~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\users\mcknig~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\disney~1.lnk - c:\program files\disney vacation connection\Disney Vacation Connection.exe
StartupFolder: c:\users\mcknig~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mcknight hp\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\mcknig~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{426977E8-B146-498B-93EE-3C0C3294A1AF} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{697C5966-C693-4C86-B84B-AD696C52DD8F} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{E1D4E40A-F760-49C0-A7DB-C1C5EE02355C} : NameServer = 205.171.3.65,205.171.2.65
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mcknight hp\appdata\roaming\mozilla\firefox\profiles\yjrdm43m.default-1385169638996\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\mcknight hp\appdata\local\directv player\npPCShowPlugin.dll
FF - plugin: c:\users\mcknight hp\appdata\local\directv player\npPlayerPlugin.dll
FF - plugin: c:\users\mcknight hp\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\mcknight hp\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2013-2-20 47568]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-2-20 171680]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-1-10 122240]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2013-1-10 46056]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2011/09/26 19:23:02];c:\program files\hewlett-packard\media\dvd\000.fcl [2011-9-26 87536]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-9-7 87992]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2013-3-21 1341664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 26168]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-3-25 121144]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-6-19 65657]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-1-16 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-4-22 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-4-22 116104]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-16 222512]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-23 107360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-3-31 4232704]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-12-2 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-9-11 401920]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-8-5 19456]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2012-1-26 135584]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\roxio creator 2009 ultimate\digital home 11\roxioupnprenderer11.exe" --> c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUPnPRenderer11.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-11-23 05:44:26    --------    d-----w-    c:\users\mcknight hp\appdata\roaming\Malwarebytes
2013-11-23 05:43:24    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-23 05:43:20    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-23 05:43:20    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-23 05:25:00    --------    d-sh--w-    c:\windows\system32\AI_RecycleBin
2013-11-23 04:49:08    --------    d-----w-    c:\windows\ERUNT
2013-11-23 04:26:04    --------    d-----w-    C:\AdwCleaner
2013-11-22 23:44:47    --------    d-----w-    c:\users\mcknight hp\appdata\roaming\BRITAX FRONTIER 85 user guide
2013-11-22 12:37:25    7772552    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{9b293da9-dcef-4bfd-af1e-6aeeb5c8e4b8}\mpengine.dll
2013-11-20 12:51:15    --------    d-----w-    c:\program files\Verizon Cloud
2013-11-14 16:41:27    768512    ----a-w-    c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-11-13 20:28:15    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-11-13 20:28:09    993792    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-13 20:28:00    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-11-13 20:27:59    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-11-10 03:29:48    --------    d-----w-    c:\program files\iPod
2013-11-10 03:29:45    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-10 03:29:45    --------    d-----w-    c:\program files\iTunes
.
==================== Find3M  ====================
.
2013-11-21 12:39:43    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-21 12:39:43    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-11 12:50:18    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-13 09:48:06    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-10-13 09:35:52    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 09:30:14    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-10-13 09:25:39    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-08 13:50:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-03 08:09:44    602112    ----a-w-    c:\windows\system32\xvid.dll
2013-08-29 07:36:04    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-08-27 02:47:50    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-08-27 01:52:08    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-08-27 01:28:36    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-08-27 01:28:35    798208    ----a-w-    c:\windows\system32\FntCache.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST9320421AS rev.HP15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user != kernel MBR !!!
.
============= FINISH:  9:24:46.35 ===============
 

Edited by jhcomputer, 23 November 2013 - 11:53 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location: Puerto Rico

Posted 23 November 2013 - 03:06 PM


Hello jhcomputer

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the Donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jhcomputer

jhcomputer
  • Topic Starter

  • Members
  • 12 posts

Posted 23 November 2013 - 11:09 PM

Since I had already run these, here are the logs from previously. Please let me know if you would like me to run them again.

 

# AdwCleaner v3.012 - Report created 22/11/2013 at 21:29:30
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : M HP - MHP-PC
# Running from : C:\Users\M HP\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\Plus-HD-4.7
Folder Deleted : C:\Users\M HP\AppData\Local\Smartbar
Folder Deleted : C:\Users\M~1\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\M~1\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\M HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\M HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\poahhcggenldhhngmcdolbgdjnpicfim
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\Tasks\Plus-HD-4.7-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-4.7-chromeinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-4.7-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-4.7-codedownloader
File Deleted : C:\Windows\Tasks\Plus-HD-4.7-enabler.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-4.7-enabler
File Deleted : C:\Windows\Tasks\Plus-HD-4.7-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-4.7-firefoxinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-4.7-updater.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-4.7-updater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\M HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A583F58A-8355-4815-9C41-887375C82A8C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A583F58A-8355-4815-9C41-887375C82A8C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC4432EB-0F74-4FF7-87E5-D0678663AEF8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC4432EB-0F74-4FF7-87E5-D0678663AEF8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{937E96C3-6C87-49EF-8B2E-88A1BB77B6A8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{937E96C3-6C87-49EF-8B2E-88A1BB77B6A8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F40A72E3-AA0E-494C-8261-346DB47D36C6}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F40A72E3-AA0E-494C-8261-346DB47D36C6}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{010D6F2B-1355-4BAC-88FD-C713A9845657}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{010D6F2B-1355-4BAC-88FD-C713A9845657}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039682.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039682.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039682.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0039682.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311961182}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322962282}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355965582}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366966682}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344964482}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311961182}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311961182}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e4418e0-5a69-40e4-92e9-ac6fbd136cf1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22fdd76e-b9ac-4ffb-a834-d98ecf15db45}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{675c574a-00ab-4907-99a6-a4c57cf875a7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c6a18264-5585-4650-8657-b5c2b5d433ab}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-4.7
Key Deleted : HKLM\Software\Plus-HD-4.7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-4.7
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-4.7

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\M HP\AppData\Roaming\Mozilla\Firefox\Profiles\yjrdm43m.default-1385169638996\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\M HP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [11861 octets] - [22/11/2013 21:26:07]
AdwCleaner[S0].txt - [10283 octets] - [22/11/2013 21:29:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10344 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by M HP on Fri 11/22/2013 at 21:55:34.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\M HP\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\M HP\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/22/2013 at 22:00:11.41
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edited by jhcomputer, 23 November 2013 - 11:10 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:28 AM

Posted 23 November 2013 - 11:29 PM


Hello jhcomputer,

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"Information and logs"
In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
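The AdwCleaner log earlier in the thread shows the load points Snap.do/Smartbar and Plus-HD used on this machine (a Run value, .job scheduled tasks, BHO and toolbar CLSIDs, an Uninstall key), and the remaining complaint in the thread is a Programs and Features entry that can no longer be uninstalled. The script below is an added example, not code from this thread or from AdwCleaner, JRT or ComboFix: it lists Programs and Features entries whose uninstaller file no longer exists (which is what an entry that "won't uninstall" after a cleanup usually is) and re-checks the Run keys, BHO registrations and legacy .job files for leftovers. It assumes PowerShell 2.0 or later run from an elevated prompt; the function names, the output layout and the name pattern are this example's own choices, with the names in the pattern taken from the logs above.

```powershell
# Added example (not from the thread or from any of the tools it mentions).
# Assumes PowerShell 2.0+ in an elevated session on the affected machine.

# Names seen in the AdwCleaner/JRT logs in this thread; extend as needed.
$SuspectPattern = 'Snap\.?Do|Resoft|Smartbar|Plus-HD|Crossrider|Coupon'

# Extract the executable from an UninstallString such as
#   "C:\Program Files\Foo\uninstall.exe" /S    or    C:\Foo\unins000.exe
# MSI entries return $null: msiexec.exe always exists, so its presence proves nothing.
function Get-UninstallTarget([string]$cmd) {
    if (-not $cmd -or $cmd -match '^\s*"?msiexec') { return $null }
    if ($cmd -match '^\s*"([^"]+)"') { return $matches[1] }
    # Unquoted form: drop any trailing " /switch" or " -switch" arguments.
    $path = ($cmd -replace '\s+[/-].*$', '').Trim()
    return [Environment]::ExpandEnvironmentVariables($path)
}

# One object per Programs and Features entry. Orphaned = the uninstaller file is
# gone (a cleaning tool removed the program folder but not the registry key), so
# Control Panel cannot run it; Suspect = the name or publisher matches the pattern.
function Get-UninstallEntry {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            if (-not $p.DisplayName) { continue }          # hidden/system entries
            $exe = Get-UninstallTarget $p.UninstallString
            New-Object PSObject -Property @{
                Key         = $key.PSPath
                DisplayName = $p.DisplayName
                Publisher   = $p.Publisher
                Uninstaller = $exe
                Orphaned    = ((-not [string]::IsNullOrEmpty($exe)) -and -not (Test-Path -LiteralPath $exe))
                Suspect     = ("$($p.DisplayName) $($p.Publisher)" -match $SuspectPattern)
            }
        }
    }
}

# Load points: Run values, Browser Helper Objects (CLSID resolved to its DLL, so a
# BHO whose DLL is missing is flagged too) and legacy .job files in %windir%\Tasks.
function Get-SuspectAutostart {
    $hits = @()
    foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $props = Get-ItemProperty $run -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }       # PSPath, PSProvider, ...
            if ("$($prop.Name) $($prop.Value)" -match $SuspectPattern) {
                $hits += "Run value: $run [$($prop.Name)] = $($prop.Value)"
            }
        }
    }
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoRoot) {
        foreach ($bho in Get-ChildItem $bhoRoot) {
            $clsid = $bho.PSChildName
            $srv = Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            $dll = $null
            if ($srv -and $srv.'(default)') {
                $dll = [Environment]::ExpandEnvironmentVariables($srv.'(default)'.Trim('"'))
            }
            if (-not $dll -or $dll -match $SuspectPattern -or -not (Test-Path -LiteralPath $dll)) {
                $hits += "BHO $clsid -> $dll"
            }
        }
    }
    foreach ($job in Get-ChildItem "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue) {
        if ($job.Name -match $SuspectPattern) { $hits += "Scheduled task: $($job.FullName)" }
    }
    return $hits
}

Get-UninstallEntry | Where-Object { $_.Suspect -or $_.Orphaned } |
    Format-Table DisplayName, Publisher, Orphaned, Uninstaller -AutoSize
Get-SuspectAutostart
```

If the entry the thread is about shows up with Orphaned set to True, the program folder is already gone and only the registry key remains; deleting that key (Remove-Item on the reported Key path, after exporting it with reg export as a backup) clears the Programs and Features listing but does nothing else, so do it only once the load-point check above comes back empty and the helper in the thread has confirmed the cleanup is complete.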

#5 jhcomputer

jhcomputer
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:28 AM

Posted 24 November 2013 - 12:37 AM

Here is the ComboFix log below.  Under programs the following still appears: Name Snap.Do Engine, Publisher Resoft Ltd, Installed On 11/22/13, size is blank.  The computer is running fine, but the problem is not resolved.
ComboFix 13-11-23.02 - M HP 11/23/2013  21:43:11.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3068.1394 [GMT -7:00]

Running from: c:\users\M HP\Downloads\ComboFix.exe

AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\M~1\AppData\Local\Temp\_MEI36802\_ctypes.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\_elementtree.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\_hashlib.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\_multiprocessing.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\_socket.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\_ssl.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\msvcp100.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\msvcr100.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\pyexpat.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\pysqlite2._sqlite.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\python27.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\pythoncom27.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\PyWinTypes27.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\select.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\unicodedata.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32api.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32com.shell.shell.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32crypt.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32event.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32file.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32inet.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32pdh.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32process.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32profile.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32security.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\win32ts.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\windows._cacheinvalidation.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\wx._controls_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\wx._core_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\wx._gdi_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\wx._html2.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\wx._misc_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\wx._windows_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\wx._wizard.pyd

c:\users\M~1\AppData\Local\Temp\_MEI36802\wxbase294u_net_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\wxbase294u_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\wxmsw294u_adv_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\wxmsw294u_core_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\wxmsw294u_html_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI36802\wxmsw294u_webview_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\_ctypes.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\_elementtree.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\_hashlib.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\_multiprocessing.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\_socket.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\_ssl.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\msvcp100.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\msvcr100.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\pyexpat.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\pysqlite2._sqlite.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\python27.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\pythoncom27.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\PyWinTypes27.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\select.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\unicodedata.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32api.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32com.shell.shell.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32crypt.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32event.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32file.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32inet.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32pdh.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32process.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32profile.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32security.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\win32ts.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\windows._cacheinvalidation.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\wx._controls_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\wx._core_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\wx._gdi_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\wx._html2.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\wx._misc_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\wx._windows_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\wx._wizard.pyd

c:\users\M HP\AppData\Local\Temp\_MEI36802\wxbase294u_net_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\wxbase294u_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\wxmsw294u_adv_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\wxmsw294u_core_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\wxmsw294u_html_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI36802\wxmsw294u_webview_vc90.dll

c:\users\M HP\AppData\Local\Z@!-60c6ae0c-adea-41ba-8ae1-5bd241dbf1da.tmp

c:\users\M HP\AppData\Local\Z@!-a37c3da4-4d76-4f4f-acd9-9f4ddb55f7bc.tmp

c:\users\M HP\AppData\Roaming\log.txt

c:\users\Public\invokesi.exe

c:\windows\COUPon~1.ocx

c:\windows\system32\FlashPlayerApp.exe

c:\windows\wininit.ini

c:\windows\XSxS

D:\Documents.lnk

D:\install.exe

D:\Music.lnk

D:\Pictures.lnk

.

.

(((((((((((((((((((((((((   Files Created from 2013-10-24 to 2013-11-24  )))))))))))))))))))))))))))))))

.

.

2013-11-24 04:59 . 2013-11-24 04:59         --------   d-----w-                c:\users\hedev\AppData\Local\temp

2013-11-24 04:59 . 2013-11-24 04:59         --------   d-----w-                c:\users\Default\AppData\Local\temp

2013-11-23 05:44 . 2013-11-23 05:44         --------   d-----w-                c:\users\M HP\AppData\Roaming\Malwarebytes

2013-11-23 05:43 . 2013-11-23 05:43         --------   d-----w-                c:\programdata\Malwarebytes

2013-11-23 05:43 . 2013-11-23 05:43         --------   d-----w-                c:\program files\Malwarebytes' Anti-Malware

2013-11-23 05:43 . 2013-04-04 21:50         22856    ----a-w-                c:\windows\system32\drivers\mbam.sys

2013-11-23 04:49 . 2013-11-23 04:49         --------   d-----w-                c:\windows\ERUNT

2013-11-23 04:26 . 2013-11-24 04:14         --------   d-----w-                C:\AdwCleaner

2013-11-22 23:44 . 2013-11-22 23:44         --------   d-----w-                c:\users\M HP\AppData\Roaming\BRITAX FRONTIER 85 user guide

2013-11-20 12:51 . 2013-11-20 12:51         --------   d-----w-                c:\program files\Verizon Cloud

2013-11-13 20:28 . 2013-10-03 12:45         297984  ----a-w-                c:\windows\system32\gdi32.dll

2013-11-13 20:28 . 2013-10-03 12:45         993792  ----a-w-                c:\windows\system32\crypt32.dll

2013-11-13 20:28 . 2013-10-11 02:08         444928  ----a-w-                c:\windows\system32\IKEEXT.DLL

2013-11-13 20:27 . 2013-10-11 02:07         596480  ----a-w-                c:\windows\system32\FWPUCLNT.DLL

2013-11-10 03:29 . 2013-11-10 03:29         --------   d-----w-                c:\program files\iPod

2013-11-10 03:29 . 2013-11-10 03:31         --------   d-----w-                c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-11-10 03:29 . 2013-11-10 03:31         --------   d-----w-                c:\program files\iTunes

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-21 12:39 . 2011-05-19 14:17         71048    ----a-w-                c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-11 12:50 . 2010-09-10 13:14         230048  ------w- c:\windows\system32\MpSigStub.exe

2013-10-08 13:50 . 2013-10-21 20:32         94632    ----a-w-                c:\windows\system32\WindowsAccessBridge.dll

2013-10-03 08:09 . 2013-10-03 08:09         602112  ----a-w-                c:\windows\system32\xvid.dll

2013-08-29 07:36 . 2013-10-09 17:38         2050048                ----a-w-                c:\windows\system32\win32k.sys

2013-08-27 02:47 . 2013-10-09 17:38         219648  ----a-w-                c:\windows\system32\d3d10_1core.dll

2013-08-27 02:47 . 2013-10-09 17:38         189952  ----a-w-                c:\windows\system32\d3d10core.dll

2013-08-27 02:47 . 2013-10-09 17:38         160768  ----a-w-                c:\windows\system32\d3d10_1.dll

2013-08-27 02:47 . 2013-10-09 17:38         1029120                ----a-w-                c:\windows\system32\d3d10.dll

2013-08-27 01:52 . 2013-10-09 17:38         1172480                ----a-w-                c:\windows\system32\d3d10warp.dll

2013-08-27 01:50 . 2013-10-09 17:38         486400  ----a-w-                c:\windows\system32\d3d10level9.dll

2013-08-27 01:32 . 2013-10-09 17:38         683008  ----a-w-                c:\windows\system32\d2d1.dll

2013-08-27 01:28 . 2013-10-09 17:38         1069056                ----a-w-                c:\windows\system32\DWrite.dll

2013-08-27 01:28 . 2013-10-09 17:38         798208  ----a-w-                c:\windows\system32\FntCache.dll

2009-09-13 05:05 . 2013-11-15 23:25         124240  ----a-w-                c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-13 05:06 . 2013-11-15 23:25         13136    ----a-w-                c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-13 05:06 . 2013-11-15 23:25         70488    ----a-w-                c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-13 05:06 . 2013-11-15 23:25         91480    ----a-w-                c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-13 05:06 . 2013-11-15 23:25         22360    ----a-w-                c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-13 05:07 . 2013-11-15 23:25         255312  ----a-w-                c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-13 05:06 . 2013-11-15 23:25         31064    ----a-w-                c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-13 05:06 . 2013-11-15 23:25         40280    ----a-w-                c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 19:33 . 2013-11-15 23:25         652640  ----a-w-                c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-13 05:06 . 2013-11-15 23:25         23896    ----a-w-                c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2013-10-10 22:26              1021448                ----a-r-  c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2013-10-10 22:26              1021448                ----a-r-  c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2013-10-10 22:26              1021448                ----a-r-  c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09              131248  ----a-w-                c:\users\M HP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09              131248  ----a-w-                c:\users\M HP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09              131248  ----a-w-                c:\users\M HP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"PhotoshopElementsSyncAgent"="c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe" [2010-01-14 1779040]

"Steam"="d:\games\steam.exe" [2013-10-30 1820584]

"PCShowServer"="c:\users\M HP\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]

"HLBackupScheduler"="c:\program files\Verizon Cloud\Verizon Cloud Service.exe" [2013-10-03 9361728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-19 914224]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-04 450652]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-30 1328424]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-30 185640]

"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]

"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]

"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2010-02-26 1148200]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]

.

c:\users\M HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

Dropbox.lnk - c:\users\M HP\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]

PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-12-2 473616]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-03 81920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ                BthServ

LocalServiceAndNoImpersonation           REG_MULTI_SZ                FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-01-28 04:28              451872  ----a-w-                c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:39]

.

2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 20:58]

.

2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 20:58]

.

2013-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3167983224-1537764196-2259667236-1000Core1ce7e916a862910.job

- c:\users\M HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-27 21:59]

.

2013-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3167983224-1537764196-2259667236-1000UA.job

- c:\users\M HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-27 21:59]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local;192.168.*.*

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\accounts

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25

TCP: Interfaces\{E1D4E40A-F760-49C0-A7DB-C1C5EE02355C}: NameServer = 205.171.3.65,205.171.2.65

FF - ProfilePath - c:\users\M HP\AppData\Roaming\Mozilla\Firefox\Profiles\yjrdm43m.default-1385169638996\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-AdobeBridge - c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe

c:\users\M HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk - c:\program files\Disney Vacation Connection\Disney Vacation Connection.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe

AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-11-23 22:05

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ... 

.

scanning hidden autostart entries ...

.

scanning hidden files ... 

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4792)

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

c:\windows\system32\Hpservice.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe

c:\program files\Motorola Media Link\Lite\NServiceEntry.exe

c:\program files\ESET\ESET Smart Security\ekrn.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe

c:\program files\SMINST\BLService.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\system32\DllHost.exe

c:\users\M HP\AppData\Roaming\Dropbox\bin\Dropbox.exe

c:\users\M HP\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\windows\ehome\ehmsas.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

c:\program files\Common Files\Steam\SteamService.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Hewlett-Packard\Shared\hpqToaster.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2013-11-23  22:19:25 - machine was rebooted

ComboFix-quarantined-files.txt  2013-11-24 05:19

.

Pre-Run: 126,269,849,600 bytes free

Post-Run: 140,922,982,400 bytes free

.

- - End Of File - - B79D39DCB08549DE48E0876A2BF5E9C3

5C616939100B85E558DA92B899A0FC36



#6 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team

Posted 24 November 2013 - 03:16 AM


Hello jhcomputer

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following:
    • report from ComboFix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 jhcomputer

jhcomputer
  • Topic Starter
  • Members

Posted 24 November 2013 - 10:53 AM

Here is the report from running CFScript. Snap.do Engine is still in Programs as described above.

ComboFix 13-11-23.02 - M HP 11/24/2013   8:14.2.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3068.1533 [GMT -7:00]

Running from: c:\users\M HP\Downloads\ComboFix.exe

Command switches used :: c:\users\M HP\Desktop\CFScript.txt

AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\M~1\AppData\Local\Temp\_MEI31362\_ctypes.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\_elementtree.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\_hashlib.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\_multiprocessing.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\_socket.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\_ssl.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\msvcp100.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\msvcr100.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\pyexpat.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\pysqlite2._sqlite.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\python27.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\pythoncom27.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\PyWinTypes27.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\select.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\unicodedata.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32api.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32com.shell.shell.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32crypt.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32event.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32file.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32inet.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32pdh.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32process.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32profile.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32security.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\win32ts.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\windows._cacheinvalidation.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\wx._controls_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\wx._core_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\wx._gdi_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\wx._html2.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\wx._misc_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\wx._windows_.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\wx._wizard.pyd

c:\users\M~1\AppData\Local\Temp\_MEI31362\wxbase294u_net_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\wxbase294u_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\wxmsw294u_adv_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\wxmsw294u_core_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\wxmsw294u_html_vc90.dll

c:\users\M~1\AppData\Local\Temp\_MEI31362\wxmsw294u_webview_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\_ctypes.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\_elementtree.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\_hashlib.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\_multiprocessing.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\_socket.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\_ssl.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\msvcp100.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\msvcr100.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\pyexpat.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\pysqlite2._sqlite.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\python27.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\pythoncom27.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\PyWinTypes27.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\select.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\unicodedata.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32api.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32com.shell.shell.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32crypt.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32event.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32file.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32inet.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32pdh.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32process.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32profile.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32security.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\win32ts.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\windows._cacheinvalidation.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\wx._controls_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\wx._core_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\wx._gdi_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\wx._html2.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\wx._misc_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\wx._windows_.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\wx._wizard.pyd

c:\users\M HP\AppData\Local\Temp\_MEI31362\wxbase294u_net_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\wxbase294u_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\wxmsw294u_adv_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\wxmsw294u_core_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\wxmsw294u_html_vc90.dll

c:\users\M HP\AppData\Local\Temp\_MEI31362\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((((((((   Files Created from 2013-10-24 to 2013-11-24  )))))))))))))))))))))))))))))))

.

.

2013-11-24 15:26 . 2013-11-24 15:26         --------   d-----w-                c:\users\hedev\AppData\Local\temp

2013-11-24 15:26 . 2013-11-24 15:26         --------   d-----w-                c:\users\Default\AppData\Local\temp

2013-11-24 14:53 . 2013-11-24 14:53         6836       ----a-w-                c:\users\M HP\AppData\Local\d3d9caps.tmp

2013-11-23 05:44 . 2013-11-23 05:44         --------   d-----w-                c:\users\M HP\AppData\Roaming\Malwarebytes

2013-11-23 05:43 . 2013-11-23 05:43         --------   d-----w-                c:\programdata\Malwarebytes

2013-11-23 05:43 . 2013-11-23 05:43         --------   d-----w-                c:\program files\Malwarebytes' Anti-Malware

2013-11-23 05:43 . 2013-04-04 21:50         22856    ----a-w-                c:\windows\system32\drivers\mbam.sys

2013-11-23 04:49 . 2013-11-23 04:49         --------   d-----w-                c:\windows\ERUNT

2013-11-23 04:26 . 2013-11-24 04:14         --------   d-----w-                C:\AdwCleaner

2013-11-22 23:44 . 2013-11-22 23:44         --------   d-----w-                c:\users\M HP\AppData\Roaming\BRITAX FRONTIER 85 user guide

2013-11-20 12:51 . 2013-11-20 12:51         --------   d-----w-                c:\program files\Verizon Cloud

2013-11-13 20:28 . 2013-10-03 12:45         297984  ----a-w-                c:\windows\system32\gdi32.dll

2013-11-13 20:28 . 2013-10-03 12:45         993792  ----a-w-                c:\windows\system32\crypt32.dll

2013-11-13 20:28 . 2013-10-11 02:08         444928  ----a-w-                c:\windows\system32\IKEEXT.DLL

2013-11-13 20:27 . 2013-10-11 02:07         596480  ----a-w-                c:\windows\system32\FWPUCLNT.DLL

2013-11-10 03:29 . 2013-11-10 03:29         --------   d-----w-                c:\program files\iPod

2013-11-10 03:29 . 2013-11-10 03:31         --------   d-----w-                c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-11-10 03:29 . 2013-11-10 03:31         --------   d-----w-                c:\program files\iTunes

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-21 12:39 . 2011-05-19 14:17         71048    ----a-w-                c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-11 12:50 . 2010-09-10 13:14         230048  ------w- c:\windows\system32\MpSigStub.exe

2013-11-08 01:15 . 2013-11-22 12:37         7772552                ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B293DA9-DCEF-4BFD-AF1E-6AEEB5C8E4B8}\mpengine.dll

2013-10-08 13:50 . 2013-10-21 20:32         94632    ----a-w-                c:\windows\system32\WindowsAccessBridge.dll

2013-10-03 08:09 . 2013-10-03 08:09         602112  ----a-w-                c:\windows\system32\xvid.dll

2013-08-29 07:36 . 2013-10-09 17:38         2050048                ----a-w-                c:\windows\system32\win32k.sys

2013-08-27 02:47 . 2013-10-09 17:38         219648  ----a-w-                c:\windows\system32\d3d10_1core.dll

2013-08-27 02:47 . 2013-10-09 17:38         189952  ----a-w-                c:\windows\system32\d3d10core.dll

2013-08-27 02:47 . 2013-10-09 17:38         160768  ----a-w-                c:\windows\system32\d3d10_1.dll

2013-08-27 02:47 . 2013-10-09 17:38         1029120                ----a-w-                c:\windows\system32\d3d10.dll

2013-08-27 01:52 . 2013-10-09 17:38         1172480                ----a-w-                c:\windows\system32\d3d10warp.dll

2013-08-27 01:50 . 2013-10-09 17:38         486400  ----a-w-                c:\windows\system32\d3d10level9.dll

2013-08-27 01:32 . 2013-10-09 17:38         683008  ----a-w-                c:\windows\system32\d2d1.dll

2013-08-27 01:28 . 2013-10-09 17:38         1069056                ----a-w-                c:\windows\system32\DWrite.dll

2013-08-27 01:28 . 2013-10-09 17:38         798208  ----a-w-                c:\windows\system32\FntCache.dll

2009-09-13 05:05 . 2013-11-15 23:25         124240  ----a-w-                c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-13 05:06 . 2013-11-15 23:25         13136    ----a-w-                c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-13 05:06 . 2013-11-15 23:25         70488    ----a-w-                c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-13 05:06 . 2013-11-15 23:25         91480    ----a-w-                c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-13 05:06 . 2013-11-15 23:25         22360    ----a-w-                c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-13 05:07 . 2013-11-15 23:25         255312  ----a-w-                c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-13 05:06 . 2013-11-15 23:25         31064    ----a-w-                c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-13 05:06 . 2013-11-15 23:25         40280    ----a-w-                c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 19:33 . 2013-11-15 23:25         652640  ----a-w-                c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-13 05:06 . 2013-11-15 23:25         23896    ----a-w-                c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2013-10-10 22:26              1021448                ----a-r-  c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2013-10-10 22:26              1021448                ----a-r-  c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2013-10-10 22:26              1021448                ----a-r-  c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09              131248  ----a-w-                c:\users\M HP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09              131248  ----a-w-                c:\users\M HP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09              131248  ----a-w-                c:\users\M HP\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-09-25 23:37              579024  ----a-w-                c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"PhotoshopElementsSyncAgent"="c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe" [2010-01-14 1779040]

"Steam"="d:\games\steam.exe" [2013-10-30 1820584]

"PCShowServer"="c:\users\M HP\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-09-25 20133824]

"HLBackupScheduler"="c:\program files\Verizon Cloud\Verizon Cloud Service.exe" [2013-10-03 9361728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-19 914224]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-04 450652]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-30 1328424]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-30 185640]

"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]

"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]

"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2010-02-26 1148200]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 5078504]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]

.

c:\users\M HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

Dropbox.lnk - c:\users\M HP\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]

PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-12-2 473616]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-03 81920]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ                BthServ

LocalServiceAndNoImpersonation           REG_MULTI_SZ                FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-01-28 04:28              451872  ----a-w-                c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:39]

.

2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 20:58]

.

2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-04 20:58]

.

2013-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3167983224-1537764196-2259667236-1000Core1ce7e916a862910.job

- c:\users\M HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-27 21:59]

.

2013-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3167983224-1537764196-2259667236-1000UA.job

- c:\users\M HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-27 21:59]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local;192.168.*.*

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\accounts

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25

TCP: Interfaces\{E1D4E40A-F760-49C0-A7DB-C1C5EE02355C}: NameServer = 205.171.3.65,205.171.2.65

FF - ProfilePath - c:\users\M HP\AppData\Roaming\Mozilla\Firefox\Profiles\yjrdm43m.default-1385169638996\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-11-24 08:37

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ... 

.

scanning hidden autostart entries ...

.

scanning hidden files ... 

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6002 Disk: ST9320421AS rev.HP15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1672)

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

c:\windows\system32\Hpservice.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe

c:\program files\Motorola Media Link\Lite\NServiceEntry.exe

c:\program files\ESET\ESET Smart Security\ekrn.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe

c:\program files\SMINST\BLService.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\users\M HP\AppData\Roaming\Dropbox\bin\Dropbox.exe

c:\windows\ehome\ehmsas.exe

c:\users\M HP\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Common Files\Steam\SteamService.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Hewlett-Packard\Shared\hpqToaster.exe

c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

c:\windows\system32\vssvc.exe

.

**************************************************************************

.

Completion time: 2013-11-24  08:45:07 - machine was rebooted

ComboFix-quarantined-files.txt  2013-11-24 15:44

ComboFix2.txt  2013-11-24 05:19

.

Pre-Run: 141,032,890,368 bytes free

Post-Run: 140,833,792,000 bytes free

.

- - End Of File - - A37D95A54E121EE2881FAB1E37713A4B

5C616939100B85E558DA92B899A0FC36



#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:28 AM

Posted 24 November 2013 - 11:05 AM



Hello jhcomputer

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 jhcomputer

  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:28 AM

Posted 24 November 2013 - 11:34 AM

OTL logfile created on: 11/24/2013 9:21:16 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\M HP\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 44.66% Memory free

6.19 Gb Paging File | 4.40 Gb Available in Paging File | 71.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 286.97 Gb Total Space | 128.54 Gb Free Space | 44.79% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 118.11 Gb Free Space | 39.62% Space Free | Partition Type: NTFS

Drive E: | 11.12 Gb Total Space | 1.84 Gb Free Space | 16.57% Space Free | Partition Type: NTFS

 

Computer Name: MHP-PC | User Name: M HP | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\M HP\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\M HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - D:\Games\Steam.exe (Valve Corporation)

PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))

PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

PRC - C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe ()

PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)

PRC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)

PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)

PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

PRC - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)

PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)

PRC - C:\Users\M HP\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)

PRC - C:\Users\M HP\AppData\Local\DIRECTV Player\NDSPCShowServer.exe ()

PRC - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)

PRC - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()

PRC - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)

PRC - C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)

PRC - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

PRC - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)

PRC - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()

PRC - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\dcmsvc\dcmsvc.exe ()

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\SMINST\BLService.exe ()

PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\_elementtree.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32api.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\_socket.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32ts.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\pysqlite2._sqlite.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32com.shell.shell.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\_multiprocessing.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\wx._html2.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32crypt.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\wx._gdi_.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\windows._cacheinvalidation.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\pythoncom27.dll ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\_ctypes.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32profile.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\wx._misc_.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\wx._core_.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\_ssl.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\PyWinTypes27.dll ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32security.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\wx._windows_.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\_hashlib.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\wx._wizard.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32process.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32pdh.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32file.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32inet.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\wx._controls_.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\unicodedata.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\pyexpat.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\win32event.pyd ()

MOD - C:\Users\M HP\AppData\Local\Temp\_MEI33162\select.pyd ()

MOD - C:\Users\M HP\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()

MOD - D:\Games\bin\chromehtml.dll ()

MOD - D:\Games\SDL2.dll ()

MOD - D:\Games\bin\libcef.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bf90f7658dc7e4f7ffdfdb6521f87e65\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll ()

MOD - C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe ()

MOD - C:\Program Files\Verizon Cloud\swscale-2.dll ()

MOD - C:\Program Files\Verizon Cloud\avcodec-53.dll ()

MOD - C:\Program Files\Verizon Cloud\avformat-53.dll ()

MOD - C:\Program Files\Verizon Cloud\avutil-51.dll ()

MOD - C:\Program Files\Verizon Cloud\libexpat.dll ()

MOD - C:\Users\M HP\AppData\Roaming\Dropbox\bin\libcef.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c0cc4069b1d17f3f7e9d9ec857d797d4\Microsoft.VisualBasic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\766ec41669f9986cc118ec647df35cf0\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll ()

MOD - D:\Games\bin\avcodec-53.dll ()

MOD - D:\Games\bin\avformat-53.dll ()

MOD - D:\Games\bin\avutil-51.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\z.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\libxml2-2.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\gsttspplugin.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\ndsLogStore.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\boost_thread-vc90-mt-1_39.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\XferManagerDll.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\TSB.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\PCShowServerDll.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\NDSPCShowServer.exe ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\DrmSingleton.dll ()

MOD - C:\Users\M HP\AppData\Local\DIRECTV Player\CatalogDll.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()

MOD - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

MOD - C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\QtGui4.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\QtCore4.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\phonon4.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll ()

MOD - C:\Program Files\VTech\DownloadManager\System\QtXml4.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3287.21145__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3287.21223__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3287.21130__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3287.21147__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3287.21224__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3287.21203__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3287.21137__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3287.21183__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3287.21142__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3287.21170__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3287.21137__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3287.21172__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3287.21138__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3287.21148__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3287.21166__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3287.21197__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3287.21182__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3287.21189__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3287.21151__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3287.21147__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3287.21222__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3287.21181__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3287.21189__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3287.21171__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3287.21170__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3287.21188__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3287.21222__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3287.21150__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3287.21181__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3287.21182__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3287.21171__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3287.21171__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3287.21211__90ba9c70f846762e\CLI.Component.Systemtray.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3287.21141__90ba9c70f846762e\CLI.Component.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3287.21217__90ba9c70f846762e\MOM.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3287.21128__90ba9c70f846762e\CLI.Component.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3287.21215__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3287.21130__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3287.21232__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()

MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3287.21241__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3287.21128__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3287.21134__90ba9c70f846762e\CLI.Component.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3287.21129__90ba9c70f846762e\ATIDEMOS.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3287.21127__90ba9c70f846762e\APM.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3287.21128__90ba9c70f846762e\AEM.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3287.21217__90ba9c70f846762e\CCC.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()

MOD - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()

MOD - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll ()

MOD - C:\Program Files\dcmsvc\dcmsvc.exe ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()

MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()

========== Services (SafeList) ==========

SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Motorola Device Manager) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)

SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)

SRV - (DeviceMonitorService) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)

SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)

SRV - (Futuremark SystemInfo Service) -- C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)

SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (PST Service) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)

SRV - (TVCapSvc) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()

SRV - (TVSched) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()

SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (motusbdevice) -- system32\DRIVERS\motusbdevice.sys File not found

DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found

DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found

DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found

DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found

DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found

DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found

DRV - (mbr) -- C:\Users\M~1\AppData\Local\Temp\mbr.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found

DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)

DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)

DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)

DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)

DRV - (EpfwLWF) -- C:\Windows\System32\drivers\EpfwLWF.sys (ESET)

DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)

DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)

DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)

DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )

DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)

DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)

DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)

DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV - (MSTAPE) -- C:\Windows\System32\drivers\mstape.sys (Microsoft Corporation)

DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (AVCSTRM) -- C:\Windows\System32\drivers\avcstrm.sys (Microsoft Corporation)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\M HP\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\M HP\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)

FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\M HP\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\M HP\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\M HP\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\M HP\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 16:25:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/22 21:56:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/05/11 07:57:31 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/15 16:25:14 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/22 21:56:24 | 000,000,000 | ---D | M]

[2009/06/10 15:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M HP\AppData\Roaming\Mozilla\Extensions

[2013/11/15 16:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/11/15 16:25:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/11/15 16:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2013/11/15 16:25:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/09/12 22:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

[2009/09/12 22:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

[2009/09/12 22:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll

[2009/09/12 22:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

[2009/09/12 22:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll

[2009/09/12 22:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome  ==========

CHR - default_search_provider: Ask (Enabled)

CHR - default_search_provider: search_url = http://www.google.com

CHR - default_search_provider: suggest_url = http://www.google.com,

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\M HP\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\M HP\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\M HP\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\M HP\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: NDS PCShow Plugin (Enabled) = C:\Users\M HP\AppData\Local\DIRECTV Player\npPCShowPlugin.dll

CHR - plugin: PCShow Player Plugin (Enabled) = C:\Users\M HP\AppData\Local\DIRECTV Player\npPlayerPlugin.dll

CHR - plugin: Google Update (Enabled) = C:\Users\M HP\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\M HP\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: Google Drive = C:\Users\M HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Chrome In-App Payments service = C:\Users\M HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/11/24 08:37:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()

O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()

O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()

O4 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)

O4 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000..\Run: [HLBackupScheduler] C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe ()

O4 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000..\Run: [PCShowServer] C:\Users\M HP\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)

O4 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000..\Run: [PhotoshopElementsSyncAgent] C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000..\Run: [Steam] D:\Games\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\M HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)

O4 - Startup: C:\Users\M HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\M HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\M HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)

O15 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\..Trusted Domains: localhost ([]* in Local intranet)

O15 - HKU\S-1-5-21-3167983224-1537764196-2259667236-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.45.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{426977E8-B146-498B-93EE-3C0C3294A1AF}: DhcpNameServer = 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{697C5966-C693-4C86-B84B-AD696C52DD8F}: DhcpNameServer = 192.168.0.1 205.171.2.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1D4E40A-F760-49C0-A7DB-C1C5EE02355C}: NameServer = 205.171.3.65,205.171.2.65

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: D:\Pictures 2\Picasa\Backgrounds\picasabackground-005.bmp

O24 - Desktop BackupWallPaper: D:\Pictures 2\Picasa\Backgrounds\picasabackground-005.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/24 08:45:10 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/11/24 08:37:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/11/23 21:39:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/11/23 21:39:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/11/23 21:39:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/11/23 21:39:34 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/11/23 21:38:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/11/22 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\M HP\AppData\Roaming\Malwarebytes

[2013/11/22 22:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/11/22 22:43:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/11/22 22:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/11/22 21:49:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/11/22 21:26:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/11/22 18:20:46 | 000,000,000 | ---D | C] -- C:\Users\M HP\Desktop\Old Firefox Data

[2013/11/22 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\M HP\AppData\Roaming\BRITAX FRONTIER 85 user guide

[2013/11/20 05:51:58 | 000,000,000 | ---D | C] -- C:\Users\M HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Cloud

[2013/11/20 05:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon Cloud

[2013/11/19 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\M HP\Desktop\Downloads

[2013/11/18 08:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite

[2013/11/15 16:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/11/14 09:41:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/11/14 09:41:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/11/14 09:41:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/11/14 09:41:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/11/14 09:41:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/11/14 09:41:25 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/11/14 09:41:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/11/14 09:41:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/11/13 13:27:59 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL

[2013/11/09 20:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/11/09 20:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/11/09 20:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/11/09 20:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\M HP\AppData\Local\*.tmp files -> C:\Users\M HP\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/24 09:18:12 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3167983224-1537764196-2259667236-1000UA.job

[2013/11/24 09:10:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/11/24 08:47:50 | 000,002,627 | ---- | M] () -- C:\Users\M HP\Desktop\Microsoft Office Word 2007.lnk

[2013/11/24 08:43:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/11/24 08:37:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/11/24 08:37:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/11/24 08:27:56 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/11/24 08:27:56 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/24 08:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/11/24 08:26:55 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2013/11/24 08:10:06 | 000,003,791 | ---- | M] () -- C:\Users\M HP\Desktop\ComboFix - Shortcut.lnk

[2013/11/24 07:53:22 | 000,006,836 | ---- | M] () -- C:\Users\M HP\AppData\Local\d3d9caps.dat

[2013/11/23 21:12:13 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3167983224-1537764196-2259667236-1000Core1ce7e916a862910.job

[2013/11/22 22:43:25 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/11/22 21:29:53 | 000,000,872 | ---- | M] () -- C:\Users\M HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk

[2013/11/22 09:50:37 | 000,002,585 | ---- | M] () -- C:\Users\M HP\Desktop\Microsoft Office Excel 2007.lnk

[2013/11/21 05:39:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/11/21 05:35:59 | 000,607,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/11/21 05:35:59 | 000,105,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/11/20 21:45:25 | 000,006,709 | ---- | M] () -- C:\Users\M HP\Desktop\WARM Respiratory Scoring Tool.pdf

[2013/11/20 05:53:05 | 000,001,824 | ---- | M] () -- C:\Users\M HP\Desktop\Verizon Cloud.lnk

[2013/11/18 08:23:19 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk

[2013/11/15 05:52:03 | 000,002,076 | ---- | M] () -- C:\Users\M HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/11/11 22:33:12 | 000,001,398 | ---- | M] () -- C:\Users\M HP\Application Data\Microsoft\Internet Explorer\Quick Launch\OnCall.lnk

[2013/11/11 05:50:18 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2013/11/05 07:16:34 | 000,000,959 | ---- | M] () -- C:\Users\M HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/11/05 07:16:10 | 000,000,939 | ---- | M] () -- C:\Users\M HP\Desktop\Dropbox.lnk

[2013/11/01 11:23:34 | 044,500,084 | ---- | M] () -- C:\Users\M HP\Desktop\Documents\Dossier for Promotion to Associate Professor Heather M. M, M.D. Copy.pdf

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\M HP\AppData\Local\*.tmp files -> C:\Users\M HP\AppData\Local\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/11/24 08:10:06 | 000,003,791 | ---- | C] () -- C:\Users\M HP\Desktop\ComboFix - Shortcut.lnk

[2013/11/23 21:39:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/11/23 21:39:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/11/23 21:39:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/11/23 21:39:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/11/23 21:39:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/11/22 22:43:25 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/11/22 16:49:11 | 000,000,872 | ---- | C] () -- C:\Users\M HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk

[2013/11/20 21:45:24 | 000,006,709 | ---- | C] () -- C:\Users\M HP\Desktop\WARM Respiratory Scoring Tool.pdf

[2013/11/20 05:53:05 | 000,001,824 | ---- | C] () -- C:\Users\M HP\Desktop\Verizon Cloud.lnk

[2013/11/18 08:23:19 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk

[2013/11/13 13:28:00 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF

[2013/11/11 22:33:12 | 000,001,398 | ---- | C] () -- C:\Users\M HP\Application Data\Microsoft\Internet Explorer\Quick Launch\OnCall.lnk

[2013/11/01 11:23:33 | 044,500,084 | ---- | C] () -- C:\Users\M HP\Desktop\Documents\Dossier for Promotion to Associate Professor Heather M. M, M.D. Copy.pdf

[2013/10/03 01:09:44 | 000,602,112 | ---- | C] () -- C:\Windows\System32\xvid.dll

[2013/07/25 10:18:42 | 000,060,864 | ---- | C] () -- C:\Users\M HP\g2mdlhlpx.exe

[2012/01/31 16:16:30 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2011/12/02 19:27:16 | 000,059,232 | ---- | C] () -- C:\Windows\System32\CNC8100W.DAT

[2011/08/31 06:41:33 | 000,006,836 | ---- | C] () -- C:\Users\M HP\AppData\Local\d3d9caps.dat

[2011/02/24 13:32:20 | 000,000,580 | ---- | C] () -- C:\Users\M HP\AppData\Local\cookies.ini

[2011/01/04 15:03:09 | 000,001,940 | ---- | C] () -- C:\Users\M HP\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/01/01 11:26:14 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/08/08 11:45:32 | 000,010,249 | ---- | C] () -- C:\Users\M HP\AppData\Roaming\Comma Separated Values (Windows).CAL

[2009/06/20 08:48:27 | 000,002,108 | ---- | C] () -- C:\Users\M HP\AppData\Local\rx_audio.Cache

[2009/06/20 08:48:09 | 000,000,000 | ---- | C] () -- C:\Users\M HP\AppData\Local\rx_image32.Cache

[2009/06/11 09:27:12 | 000,072,704 | ---- | C] () -- C:\Users\M HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/11 07:53:51 | 000,138,056 | ---- | C] () -- C:\Users\M HP\AppData\Roaming\PnkBstrK.sys

 

========== ZeroAccess Check ==========

 

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:404390E0

@Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:E5BA9ADD

@Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:AD020DC3

@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:A26AFC00

@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:9D6EAEC3

@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:737160C1

@Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:C9B27A06

@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:F5FC5DCE

@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:5AF0DC60

@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:CDCEE6BF

@Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:06C34166

@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:0988A428

@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:8DD36B71

@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:CB0FEE2B

@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:C611D6C8

@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:996104FC

@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:DCA79AB3

@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:3790BACD

@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:CF75D88F

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:EE7AAC75

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:66FC2E6F

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:61B54B15

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:D8F9D810

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:30DA8392

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05A9EC70

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A02025CE

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:AE2EA3C2

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E2B84483

@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:0ACF1AF5

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:CD6E25A6

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4A2862FF

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A9ABA3FF

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:0459F5AC

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:7BA6D322

@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:CF31AEF5

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:FA7CDE12

 

< End of report >
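The section headed "ZeroAccess Check" in the log above lists four COM class IDs with their InProcServer32 registrations under both HKCU and HKLM. The reason a removal tool looks at exactly these keys: when COM resolves a CLSID it reads HKEY_CLASSES_ROOT, which is a merged view in which HKCU\Software\Classes takes precedence over HKLM\Software\Classes, so a per-user InProcServer32 value makes the process that instantiates the class (Explorer for the shell32 classes, the WMI service for the wbem ones) load that DLL instead of the legitimate one. The user-mode ZeroAccess/Sirefef variant used this per-user override to get loaded, which is why the keys are listed even when, as here, the HKLM values point at the expected System32 DLLs. The PowerShell below is an added example, not part of the thread or of the tool that produced the log; it performs that HKCU-versus-HKLM comparison for the four CLSIDs. It assumes PowerShell 2.0 or later on Vista or newer; the `$Clsids` list and the function names are chosen for this example.

```powershell
# Added example, not from the thread or from the log tool: compare the per-user
# and per-machine InProcServer32 registrations of the CLSIDs listed under
# "ZeroAccess Check". HKCR is a merged view in which HKCU\Software\Classes
# wins over HKLM\Software\Classes, so a per-user value here redirects the
# process that instantiates the class to a different DLL.
# Assumes PowerShell 2.0+ on Vista or later. $Clsids and the function names
# are chosen for this example.

$Clsids = @(
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',   # served by shell32.dll in the log
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}',   # HKCU key listed in the log, no value shown
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',   # wbem\fastprox.dll
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'    # wbem\wbemess.dll
)

function Get-InprocServer {
    # (Default) value of <hive>:\Software\Classes\CLSID\<clsid>\InProcServer32.
    # Returns $null when the key is absent and '' when it exists without a value.
    param([string]$Hive, [string]$Clsid)
    $key = "$($Hive):\Software\Classes\CLSID\$Clsid\InProcServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $p = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($p -and $p.'(default)') { return [string]$p.'(default)' }
    return ''
}

function Test-ComHijack {
    param([string]$Clsid)
    $machine  = Get-InprocServer 'HKLM' $Clsid
    $user     = Get-InprocServer 'HKCU' $Clsid
    $system32 = Join-Path $env:SystemRoot 'System32'

    if ($user -eq $null) {
        $verdict = 'clean: no per-user key'
    } elseif ($user -eq '') {
        $verdict = 'clean: per-user key carries no server path'
    } else {
        # Expand %SystemRoot% so the two sides compare on equal terms. A bare
        # DLL name without a directory is also treated as outside System32,
        # because it would be found through the DLL search order instead.
        $userPath    = [Environment]::ExpandEnvironmentVariables($user)
        $machinePath = if ($machine) { [Environment]::ExpandEnvironmentVariables($machine) } else { '' }
        if ($userPath -notlike "$system32\*") {
            $verdict = 'SUSPICIOUS: per-user server outside System32'
        } elseif ($machinePath -and ($userPath -ne $machinePath)) {
            $verdict = 'SUSPICIOUS: per-user server differs from per-machine one'
        } else {
            $verdict = 'review: per-user override present but points at the System32 DLL'
        }
    }
    New-Object PSObject -Property @{
        Clsid   = $Clsid
        HKLM    = $machine
        HKCU    = $user
        Verdict = $verdict
    }
}

$Clsids | ForEach-Object { Test-ComHijack $_ } | Format-Table Clsid, Verdict, HKCU, HKLM -AutoSize
```

Any row marked SUSPICIOUS names a DLL worth submitting to a scanner before the per-user key is deleted; deleting the HKCU key alone restores the HKLM registration, since the legitimate value was never touched. The check generalises to any CLSID: add an ID to `$Clsids` to test a class you suspect has been hijacked the same way.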



#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 November 2013 - 12:45 PM

Hello

Snap.do does not show up anymore in the reports - where do you see it and can you just delete it?

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 jhcomputer (Topic Starter)

Posted 24 November 2013 - 01:33 PM

Here is an image. I can only choose Uninstall/Change. When I choose that, it thinks for a little bit and nothing changes.

[image: bqnm.jpg]

Edited by jhcomputer, 24 November 2013 - 01:34 PM.


#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 24 November 2013 - 01:54 PM



Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).
  • Programs to remove

    • Adobe Reader X (10.1.8)
      Coupon Printer for Windows
      Snap.Do Engine


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Update Adobe Reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner (make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked; under System, check Empty Recycle Bin and Temporary Files; under the Applications tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
Malwarebytes' Anti-Malware


I see you have MBAM installed on the computer - that is great! It is a very good program. I would like you to run a quick scan for me now.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.
Information and logs
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo
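An added example after gringo_pr's post, not code from the thread or from Revo Uninstaller: a PowerShell script that finds the registry entry behind a leftover Programs and Features item such as "Snap.Do Engine" and reports whether the uninstaller that entry points at still exists on disk. That is the usual reason Uninstall/Change "thinks for a bit and nothing changes": the Programs list is built from the Uninstall registry keys, and if the executable named in the key's UninstallString is gone (for instance because a companion product that held it was already removed), the click has nothing to run. It assumes an elevated PowerShell 2.0 or later prompt on Vista or newer; the `$Pattern` parameter and the function names are chosen for this example.

```powershell
# Added example, not code from the thread or from Revo Uninstaller: find
# Programs-and-Features entries whose DisplayName matches a pattern (default:
# Snap, which as a regex matches both "Snap.do" and "Snap.Do Engine") and
# report whether their uninstaller still exists. An entry whose UninstallString
# points at a file that is gone is an orphan: Uninstall/Change does nothing.
# Assumes an elevated PowerShell 2.0+ prompt on Vista or later. $Pattern and
# the function names are chosen for this example.
param([string]$Pattern = 'Snap')

# Per-machine (native and 32-bit-on-64-bit views) and per-user uninstall hives.
# Adware and browser add-ons frequently register only under HKCU. Roots that do
# not exist on this machine (e.g. Wow6432Node on 32-bit Windows) are skipped.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallerPath {
    # Pull the executable out of an UninstallString such as
    #   "C:\Program Files\Snap.Do\Uninstall.exe" /S
    #   C:\Program Files\Snap.Do\Uninstall.exe /S
    #   MsiExec.exe /X{GUID}
    param([string]$UninstallString)
    if (-not $UninstallString) { return $null }
    if ($UninstallString -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($UninstallString -match '^\s*(.+?\.exe)') { return $matches[1] }
    return $UninstallString.Trim()
}

function Test-UninstallerExists {
    # Rooted paths are checked directly; bare names (MsiExec.exe, rundll32.exe)
    # are resolved through PATH the way the shell would resolve them.
    param([string]$Path)
    if (-not $Path) { return $false }
    if ([IO.Path]::IsPathRooted($Path)) { return (Test-Path -LiteralPath $Path) }
    return [bool](Get-Command $Path -ErrorAction SilentlyContinue)
}

function Get-UninstallEntry {
    param([string]$NamePattern)
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in (Get-ChildItem $root)) {
            $p = Get-ItemProperty -Path $key.PSPath
            if (-not $p.DisplayName -or $p.DisplayName -notmatch $NamePattern) { continue }
            $exe = Get-UninstallerPath $p.UninstallString
            New-Object PSObject -Property @{
                DisplayName       = $p.DisplayName
                RegistryKey       = $key.Name     # e.g. HKEY_LOCAL_MACHINE\SOFTWARE\...\Uninstall\{...}
                UninstallString   = $p.UninstallString
                InstallLocation   = $p.InstallLocation
                UninstallerExists = Test-UninstallerExists $exe
            }
        }
    }
}

$entries = @(Get-UninstallEntry -NamePattern $Pattern)
if ($entries.Count -eq 0) { Write-Host "No uninstall entries match '$Pattern'."; return }
$entries | Format-List DisplayName, RegistryKey, UninstallString, InstallLocation, UninstallerExists

# An orphan is removed from the Programs list by deleting its registry key;
# that key is all the list reads. -WhatIf only previews the deletion; drop it
# once the key name printed above is confirmed to be the right one. Entries
# whose uninstaller still exists should be uninstalled through it (or through
# Revo) rather than deleted here, or their files and other keys stay behind.
foreach ($e in $entries) {
    if (-not $e.UninstallerExists) {
        Write-Host "Orphaned entry: $($e.DisplayName) -> $($e.RegistryKey)"
        Remove-Item -Path "Registry::$($e.RegistryKey)" -Recurse -WhatIf
    }
}
```

Run it as `.\Find-OrphanedUninstall.ps1 -Pattern 'Snap'` (any file name works); nothing is changed until the `-WhatIf` is removed. An entry whose UninstallString is `MsiExec.exe /X{...}` is never flagged, because msiexec.exe always exists; for those, run that command as written and Windows Installer removes the product and its entry together. The leftover search Revo performs after the built-in uninstaller covers the same registry keys plus the install folder, which is why it is the tool recommended above.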

#13 jhcomputer (Topic Starter)

Posted 27 November 2013 - 10:51 PM

I am not going to be able to complete the tasks in the new post for a few more days.



#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 November 2013 - 11:04 PM

No problem and I will see you over the weekend?

gringo

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 December 2013 - 01:29 AM

Just coming in to check on you


gringo



