
Tuvaro/www_Searchnow and Other Issue (s)


  • This topic is locked
24 replies to this topic

#1 mosscomes

mosscomes

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 06 May 2014 - 11:06 AM

It's my neighbor's Windows 7 SP1 laptop. He's been too aggressive installing freeware, not running his anti-malware products and not keeping Java and Flash up to date. The Tuvaro/www_searchnow hijack was installed a couple of weeks ago. This is the first indication my neighbor had that he was infected. Except for a short period (less than a day), I have been unable to remove it. The system was slow on startups and shutdowns. That has improved dramatically after running Malwarebytes. Internet Explorer (now the only browser installed) is now very slow to come up.

Two other problems presented themselves at the same time:

1. The Firefox web browser, after updating to version 29, keeps launching the "Welcome to Firefox" web page (a well-documented bug that sometimes occurs). Attempts to access the add-ons page were redirected. I was unable to edit the Firefox preferences file (a permissions issue, not the file itself). Internet Explorer keeps showing the "Set as default browser" dialog box even after being selected. Resetting both browsers failed to solve the problem.

 

2. Flash will not update (it crashes the browser), and I had a devil of a time getting Java to update (but it is now). Initial attempts to just read the Java install logs were prevented by file permission issues.

I've used numerous tools in both regular and safe modes: Malwarebytes (removed over 3,000 PUPs), Spybot, SUPERAntiSpyware, AdwCleaner, TDSSKiller, Kaspersky VRT, and RogueKiller. I have logs of pretty much everything I did. I've also done an SFC check, and that reports no Windows integrity issue.

 

I have cleared the browser and Java caches, but haven't cleared System Restore points (yet).

 

I also have a full system image backup.

 

The only non-PUPs I noted were the autokms.exe Trojan, not-a-virus:Adware.Win32.Lyckriks.b and not-a-virus:adware.Win32.agent.ajsd.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Bill at 19:41:03 on 2014-05-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.1614 [GMT -4:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Soluto\Soluto.exe
C:\Program Files (x86)\Start Menu 7\StartMenu7.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Start Menu 7\VistaHookApp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: CaptureSaver: {5148AB7D-8868-4490-B6DA-F98368488582} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll
uRun: [StartMenu7] "C:\Program Files (x86)\Start Menu 7\StartMenu7.exe"
dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
StartupFolder: C:\Users\Bill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Bill\AppData\Local\Temp\_uninst_.bat
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972}
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - <orphaned>
IE: {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - {5148AB7D-8868-4490-B6DA-F98368488582}
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{9F141F08-39A0-43D3-B885-55418267EAE2} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C2C1172A-BE84-42BB-AD36-2B5E2877E9F1}\341637379656 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C2C1172A-BE84-42BB-AD36-2B5E2877E9F1}\4596D6265627E456470223E243 : DHCPNameServer = 64.233.222.2 64.233.222.7 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: livecall - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Soluto] c:\program files\soluto\soluto.exe /init
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: livecall - <Clsid value has no data>
x64-Handler: msnim - <Clsid value has no data>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-12-14 718840]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2011-6-22 37456]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-11 45856]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-12-14 121928]
R1 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-12-14 148696]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-12-14 593144]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-9-5 32296]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-20 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-20 56344]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-9-5 38248]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-5-20 55336]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-9-5 294760]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-9-5 202792]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-9-5 52584]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-9-5 156392]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-9-5 264040]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2011-10-28 276256]
.
=============== Created Last 30 ================
.
2014-05-03 20:51:19    388096    ----a-r-    C:\Users\Bill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-05-03 20:51:19    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2014-05-03 20:41:15    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-03 20:41:15    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-03 20:33:25    --------    d-----w-    C:\$RECYCLE.BIN
2014-05-03 20:17:39    98816    ----a-w-    C:\Windows\sed.exe
2014-05-03 20:17:39    256000    ----a-w-    C:\Windows\PEV.exe
2014-05-03 20:17:39    208896    ----a-w-    C:\Windows\MBR.exe
2014-05-03 20:17:35    --------    d-----w-    C:\ComboFix
2014-05-03 19:43:48    --------    d-----w-    C:\Windows\ERUNT
2014-05-03 15:03:20    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-05-02 23:16:00    --------    d-----w-    C:\Windows\Microsoft Antimalware
2014-05-02 18:28:17    --------    d-----w-    C:\Users\Bill\AppData\Roaming\Wise Registry Cleaner
2014-05-02 18:28:14    --------    d-----w-    C:\Program Files (x86)\Wise
2014-05-02 16:11:00    --------    d-----w-    C:\Program Files\stinger
2014-05-02 15:41:09    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-05-02 14:27:48    --------    d-----w-    C:\Users\Bill\AppData\Roaming\SUPERAntiSpyware.com
2014-05-02 13:46:31    --------    d-----w-    C:\Program Files (x86)\MozBackup
2014-05-02 00:35:57    --------    d-----w-    C:\Program Files (x86)\Identity Finder 6
2014-05-01 17:50:20    --------    d-----w-    C:\MGtools
2014-05-01 17:33:42    --------    d-----w-    C:\Program Files\HitmanPro
2014-05-01 17:33:23    --------    d-----w-    C:\ProgramData\HitmanPro
2014-05-01 13:23:19    --------    d-----w-    C:\Users\Bill\AppData\Roaming\Crystal Office
2014-05-01 01:04:18    61120    ----a-w-    C:\Windows\System32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys
2014-04-30 14:22:26    21184    ----a-w-    C:\Windows\System32\drivers\SmartDefragDriver.sys
2014-04-27 17:16:57    --------    d-s---w-    C:\Windows\System32\CompatTel
2014-04-27 17:16:54    465408    ----a-w-    C:\Windows\System32\aepdu.dll
2014-04-27 17:16:54    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-04-24 13:05:53    --------    d-sh--w-    C:\Users\Bill\AppData\Local\EmieUserList
2014-04-24 13:05:53    --------    d-sh--w-    C:\Users\Bill\AppData\Local\EmieSiteList
2014-04-21 13:53:19    261056    ----a-w-    C:\Windows\System32\drivers\avchv.sys
2014-04-21 00:25:37    2157704    ----a-w-    C:\Windows\System32\YamahaAE.dll
2014-04-21 00:25:34    2101848    ----a-w-    C:\Windows\System32\WavesGUILib64.dll
2014-04-21 00:25:28    724728    ----a-w-    C:\Windows\System32\sltech64.dll
2014-04-21 00:25:28    245496    ----a-w-    C:\Windows\System32\slprp64.dll
2014-04-21 00:25:26    1045752    ----a-w-    C:\Windows\System32\slcnt64.dll
2014-04-21 00:25:25    899320    ----a-w-    C:\Windows\System32\sl3apo64.dll
2014-04-21 00:25:20    2825432    ----a-w-    C:\Windows\System32\RtPgEx64.dll
2014-04-21 00:25:16    3872984    ----a-w-    C:\Windows\System32\drivers\RTKVHD64.sys
2014-04-21 00:25:10    2792152    ----a-w-    C:\Windows\System32\RtkAPO64.dll
2014-04-21 00:25:10    1024216    ----a-w-    C:\Windows\System32\RtkApi64.dll
2014-04-21 00:25:08    624344    ----a-w-    C:\Windows\System32\RtDataProc64.dll
2014-04-21 00:25:02    1286872    ----a-w-    C:\Windows\System32\RTCOM64.dll
2014-04-21 00:22:57    33008    ----a-w-    C:\Windows\System32\drivers\Smb_driver_Intel.sys
2014-04-17 00:14:42    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-04-17 00:12:37    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2014-05-03 21:18:33    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-03 19:29:24    290304    ----a-w-    C:\Windows\SysWow64\subinacl.exe
2014-05-03 13:59:28    17920    ----a-w-    C:\Windows\System32\rpcnetp.exe
2014-05-03 13:59:26    58288    ----a-w-    C:\Windows\SysWow64\rpcnet.dll
2014-05-02 18:22:11    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-04-22 01:57:46    387455    ----a-w-    C:\DUMP63a2.tmp
2014-04-21 00:25:01    56270848    ----a-w-    C:\Windows\System32\RCoRes64.dat
2014-04-20 17:48:03    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-18 21:51:32    128320    ----a-w-    C:\Windows\System32\IObitSmartDefragExtension.dll
2014-03-17 01:42:24    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-17 01:42:24    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-17 01:42:16    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-03-17 01:42:08    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-17 01:42:08    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-03-17 01:41:49    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-17 01:41:49    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-17 01:41:13    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-03-15 02:12:51    70304    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-15 02:12:51    418464    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-28 17:24:19    458960    ----a-w-    C:\Windows\System32\drivers\k57nd60a.sys
2014-02-28 17:24:01    317440    ----a-w-    C:\Windows\System32\drivers\IntcDAud.sys
2014-02-28 17:24:01    14848    ----a-w-    C:\Windows\System32\IntcDAuC.dll
2014-02-28 17:22:18    1958616    ----a-w-    C:\Windows\System32\RTSnMg64.cpl
2014-02-15 14:17:58    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-02-15 14:17:58    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-02-15 14:17:58    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-02-15 14:17:58    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-02-15 14:17:03    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-15 14:17:03    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-02-15 14:17:03    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-15 14:17:03    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
.
============= FINISH: 19:43:38.42 ===============
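The "Pseudo HJT Report" section of the DDS log above lists exactly the hooks a browser hijack tends to touch: start and search pages, URLSearchHooks, BHOs, Run keys, the Startup folder, the UAC policy values and DPF (ActiveX download) entries. The script below is an added example, not part of DDS or of anything posted in this thread: it reads a handful of lines copied from the report above (plus one constructed line showing a hijacked start page) and flags the entries a responder would look at first. The allowlist of home-page hosts and the Windows 7 UAC defaults it compares against are my own assumptions; DDS prints the raw values only.

```python
"""Flag the entries in a DDS "Pseudo HJT Report" that a responder would check first.

Added example for this thread; it is not part of DDS or any tool named here.
"""
import re

# Lines copied from the DDS report posted above, plus one constructed line
# (the last one) showing what a hijacked start page looks like.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com
uProxyOverride = <-loopback>
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
StartupFolder: C:\Users\Bill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Bill\AppData\Local\Temp\_uninst_.bat
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - <orphaned>
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
uStart Page = hxxp://www.searchnow.example/?src=hp
"""

# Hosts a start/search page is allowed to point at (assumption: tune per machine).
KNOWN_GOOD_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com"}

# Windows 7 defaults for the UAC policy values DDS prints under mPolicies-System
# (my baseline, not something DDS reports).
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableLUA": 1,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
    "SoftwareSASGeneration": 0,
}

PAGE_RE = re.compile(r"^[mu](?:Start Page|Search Bar|Search Page|Default_Page_URL|SearchAssistant)\s*=")
URL_HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)  # DDS defangs http as hxxp
POLICY_RE = re.compile(r"^[mud]Policies-System:\s*(\w+)\s*=\s*dword:(\d+)")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
AUTOSTART_PREFIXES = ("StartupFolder:", "uRun:", "mRun:", "dRun:", "x64-Run:")
DEAD_MARKERS = ("<no file>", "<orphaned>", "<Clsid value has no data>")


def triage_line(line):
    """Return a short reason if the line deserves a look, else None."""
    line = line.strip()
    if PAGE_RE.match(line):
        m = URL_HOST_RE.search(line)
        host = m.group(1).lower() if m else "(no url)"
        return None if host in KNOWN_GOOD_HOSTS else f"start/search page points at {host}"
    if any(marker in line for marker in DEAD_MARKERS):
        return "COM registration with no backing file (leftover or broken hook)"
    if line.startswith(AUTOSTART_PREFIXES) and TEMP_DIR_RE.search(line):
        return "autostart target lives under a Temp directory"
    m = POLICY_RE.match(line)
    if m:
        name, value = m.group(1), int(m.group(2))
        default = UAC_DEFAULTS.get(name)
        if default is not None and value != default:
            return f"{name}={value} differs from the Windows 7 default {default}"
        return None
    if line.startswith("DPF:") and "jinstall-1_6" in line:
        return "DPF (ActiveX download) entry references an outdated Java 6 installer"
    return None


def triage(report):
    """Run triage_line over every line; return [(line, reason), ...]."""
    findings = []
    for raw in report.splitlines():
        reason = triage_line(raw)
        if reason:
            findings.append((raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_REPORT):
        print(f"[!] {why}\n    {entry}")
```

On the sample above the script leaves the Google start page, the Java BHO and ConsentPromptBehaviorUser=3 alone and flags seven lines: the Startup-folder shortcut that runs a batch file out of Temp, the URLSearchHook and IE entry with nothing behind them, PromptOnSecureDesktop=0 and SoftwareSASGeneration=1, the DPF entry for a Java 6 installer, and the constructed non-Google start page. Flagged is not the same as malicious; it only orders what to read first.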
 

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 06 May 2014 - 12:26 PM


Hello mosscomes

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
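AdwCleaner writes the report Gringo asks for as sections ("***** [ Registry ] *****") of "Key Deleted : ..." lines. The script below is an added example, not part of AdwCleaner or of any post in this thread: it parses such a report into structured entries and groups what was removed by the persistence mechanism it used (a service, a scheduled task, an IE toolbar or BHO, a Chrome extension registered for force-install under HKLM, an Image File Execution Options key). The sample report is constructed from entry lines copied from the report mosscomes posts in reply #3; the mechanism labels are my own mapping.

```python
"""Parse an AdwCleaner v3 "Clean" report into structured entries and summarise
which persistence locations the removed adware had used.

Added example for this thread; it is not part of AdwCleaner.
"""
import re
from collections import Counter, namedtuple

# Constructed report in the layout AdwCleaner v3 prints; the entry lines are
# copied from the report posted in reply #3 of this thread.
SAMPLE_REPORT = r"""
# AdwCleaner v3.207 - Report created 06/05/2014 at 16:19:26
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : SecureUpdateSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\TidyNetwork
File Deleted : C:\Windows\System32\Tasks\ShopperPro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736
"""

Entry = namedtuple("Entry", "section kind arch target")

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "[#] " marks service entries; "[x64] " marks the 64-bit registry view.
ENTRY_RE = re.compile(r"^(?:\[#\] )?(Service|Folder|File|Key|Value) Deleted : (?:\[(x64)\] )?(.+)$")

# Registry locations mapped to what they are used for (my mapping, not AdwCleaner's).
REGISTRY_CATEGORIES = [
    (re.compile(r"\\Image File Execution Options\\", re.I), "IFEO debugger hijack / install blocker"),
    (re.compile(r"\\Google\\Chrome\\Extensions\\", re.I), "Chrome extension force-install"),
    (re.compile(r"\\Explorer\\Browser Helper Objects\\", re.I), "IE browser helper object"),
    (re.compile(r"\\Internet Explorer\\(?:Toolbar|URLSearchHooks|SearchScopes)", re.I), "IE toolbar / search hook"),
    (re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I), "IE protected-mode elevation policy"),
]
TASK_DIR_RE = re.compile(r"\\Windows\\(?:System32\\)?Tasks\\", re.I)


def parse_report(text):
    """Return {section name: [Entry, ...]} for every section header in the report."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            kind, arch, target = m.groups()
            sections[current].append(Entry(current, kind, arch or "x86", target))
    return sections


def classify(entry):
    """Map an entry to the persistence mechanism it represents."""
    if entry.kind == "Service":
        return "Windows service"
    if entry.kind in ("File", "Folder"):
        return "scheduled task" if TASK_DIR_RE.search(entry.target) else "filesystem payload"
    for pattern, label in REGISTRY_CATEGORIES:
        if pattern.search(entry.target):
            return label
    return "other registry"


def category_counts(sections):
    """Count entries per mechanism across all sections."""
    return Counter(classify(e) for entries in sections.values() for e in entries)


def ifeo_images(sections):
    """Image names that had an IFEO key. A Debugger value under such a key runs
    on every launch of that executable, so these deserve a second look."""
    names = []
    for entries in sections.values():
        for e in entries:
            if e.kind == "Key" and "\\Image File Execution Options\\" in e.target:
                names.append(e.target.rsplit("\\", 1)[1].lower())
    return sorted(names)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for label, n in category_counts(parsed).most_common():
        print(f"{n:3d}  {label}")
    print("IFEO images:", ", ".join(ifeo_images(parsed)))
```

The parser keeps the 32-bit and 64-bit registry views apart (the "[x64]" prefix) and leaves non-entry lines such as the browser version banners alone, so the same code runs unchanged over a full report. The per-mechanism counts are what to compare across runs: a second AdwCleaner pass that again removes a service or a scheduled task means something is reinstalling them.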

#3 mosscomes

mosscomes
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 06 May 2014 - 04:05 PM

# AdwCleaner v3.014 - Report created 03/12/2013 at 17:14:08
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bill - BILL-PC
# Running from : C:\Downloads\Software\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Program Files (x86)\LyricsSpeaker
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Secure Speed Dial
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Bill\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Bill\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Bill\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Bill\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Bill\Desktop\NCH Software
Folder Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\0hk9nvs2.default\Extensions\speeddial@instair.net
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Users\Bill\AppData\Local\mysearchdial_speedial_v9.0.2.crx
File Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\0hk9nvs2.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\0hk9nvs2.default\user.js
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Windows\Tasks\LyricsSpeaker Update.job
File Deleted : C:\Windows\System32\Tasks\LyricsSpeaker Update
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D86A75B-CB6B-4764-885D-CA6336F04BA2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\lyricsdroid
Key Deleted : HKCU\Software\AppDataLow\Software\lyricsspeaker
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Search Settings

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\0hk9nvs2.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14782 octets] - [27/10/2013 12:54:02]
AdwCleaner[R1].txt - [1448 octets] - [04/11/2013 01:08:39]
AdwCleaner[R2].txt - [7865 octets] - [03/12/2013 17:12:18]
AdwCleaner[S0].txt - [14199 octets] - [27/10/2013 12:58:00]
AdwCleaner[S1].txt - [1527 octets] - [04/11/2013 01:10:36]
AdwCleaner[S2].txt - [7859 octets] - [03/12/2013 17:14:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7919 octets] ##########
# AdwCleaner v3.207 - Report created 06/05/2014 at 16:19:26
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bill - BILL-PC
# Running from : C:\Users\Bill\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : SecureUpdateSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Users\Bill\AppData\LocalLow\Object Browser
File Deleted : C:\Users\Bill\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Windows\System32\Tasks\Driver Booster Update
File Deleted : C:\Windows\System32\Tasks\Object Browser-updater
File Deleted : C:\Windows\System32\Tasks\ShopperPro
File Deleted : C:\Windows\System32\Tasks\ShopperProJSUpd
File Deleted : C:\Windows\System32\Tasks\SMupdate1

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.131

*************************

AdwCleaner[R0].txt - [49533 octets] - [27/10/2013 13:54:02]
AdwCleaner[R1].txt - [8992 octets] - [04/11/2013 02:08:39]
AdwCleaner[R2].txt - [9794 octets] - [03/12/2013 18:12:18]
AdwCleaner[R3].txt - [1931 octets] - [04/05/2014 09:08:06]
AdwCleaner[R4].txt - [1952 octets] - [06/05/2014 16:18:01]
AdwCleaner[S0].txt - [21627 octets] - [27/10/2013 13:58:00]
AdwCleaner[S1].txt - [3533 octets] - [04/11/2013 02:10:36]
AdwCleaner[S2].txt - [9744 octets] - [03/12/2013 18:14:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [9804 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bill on Tue 05/06/2014 at 16:32:56.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Bill\appdata\local\{D566988C-F357-445E-BDB1-145930F15234}
Successfully deleted: [Empty Folder] C:\Users\Bill\appdata\local\{EC11B698-E860-4685-9415-A27AD9FC0DFA}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/06/2014 at 16:41:20.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

System initially started up very slowly (slower than before), and ads started popping up when IE was running. That hadn't happened previously.



#4 gringo_pr

Malware Response Team

Posted 07 May 2014 - 07:06 AM


Hello mosscomes,

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"
  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



#5 mosscomes (Topic Starter)

Posted 07 May 2014 - 09:52 AM

Here ya go, Gringo:

Boot performance before and after was very, very slow. Launching of IE was very slow before and after. The IE homepage did not go back to Tuvaro after I changed it and rebooted. But the IE default browser dialog continues to return even after I select IE as default browser.

I noted something else I never saw before in a Win 7 system. In Task Manager, I saw a process titled "vistahookapp.exe," which may or may not be adware, depending on which internet source you want to believe. I consider it adware.

ComboFix 14-05-07.03 - Bill 05/07/2014   9:43.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.1920 [GMT -4:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\programdata\1374502988.bdinstall.bin
c:\programdata\1374503402.bdinstall.bin
c:\programdata\1374503452.1216.bin
c:\programdata\1374503452.5136.bin
c:\programdata\1374503452.6008.bin
c:\programdata\1374504028.bdinstall.bin
c:\programdata\1374650010.bdinstall.bin
c:\programdata\1374650020.3816.bin
c:\programdata\1374650020.5200.bin
c:\programdata\1374650020.5456.bin
c:\programdata\1374650020.5640.bin
c:\programdata\1374683253.bdinstall.bin
c:\programdata\1374685349.bdinstall.bin
c:\programdata\1374685352.bdinstall.bin
c:\programdata\1374685751.bdinstall.bin
c:\programdata\1374685811.1860.bin
c:\programdata\1374685811.3692.bin
c:\programdata\1374685811.4020.bin
c:\programdata\1374686211.bdinstall.bin
c:\programdata\1374686238.bdinstall.bin
c:\programdata\1374691315.bdinstall.bin
c:\programdata\1374714459.bdinstall.bin
c:\programdata\1386983218.bdinstall.bin
c:\programdata\1387012337.bdinstall.bin
c:\programdata\1387012458.1624.bin
c:\programdata\1387012458.2248.bin
c:\programdata\1387012458.384.bin
c:\programdata\1387016299.bdinstall.bin
c:\programdata\1390757593.bdinstall.bin
c:\programdata\1390757945.bdinstall.bin
c:\users\Bill\AppData\Local\AnyProtectScannerSetup.exe
c:\windows\wininit.ini
.
Infected copy of c:\windows\SysWow64\ntdll.dll was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!SysWOW64!ntdll.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-07 to 2014-05-07  )))))))))))))))))))))))))))))))
.
.
2014-05-07 14:00 . 2014-05-07 14:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-05-07 13:07 . 2014-05-07 13:07    --------    d-----w-    c:\program files\Microsoft.NET
2014-05-06 14:07 . 2014-05-06 14:07    --------    d-----w-    c:\users\Bill\AppData\Local\Xara
2014-05-04 12:25 . 2014-05-04 12:25    --------    d-----w-    c:\program files (x86)\Tweaking.com
2014-05-03 23:29 . 2014-05-03 23:29    --------    d-----w-    c:\users\Bill\AppData\Roaming\Oracle
2014-05-03 21:18 . 2014-05-03 21:18    --------    d-----w-    c:\program files (x86)\Java
2014-05-03 20:51 . 2014-05-03 20:51    --------    d-----w-    c:\program files (x86)\Trend Micro
2014-05-03 20:41 . 2014-04-29 14:01    23547904    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-03 20:41 . 2014-04-29 13:40    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-03 20:41 . 2014-04-29 12:34    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-03 19:43 . 2014-05-03 19:43    --------    d-----w-    c:\windows\ERUNT
2014-05-03 15:03 . 2014-05-03 15:03    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-05-02 23:16 . 2014-05-02 23:54    --------    d-----w-    c:\windows\Microsoft Antimalware
2014-05-02 18:22 . 2014-05-02 18:22    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-05-02 18:22 . 2014-05-02 18:22    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-05-02 18:22 . 2014-05-02 18:22    189352    ----a-w-    c:\windows\system32\java.exe
2014-05-02 16:43 . 2014-05-02 16:43    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-05-02 16:11 . 2014-05-03 15:21    --------    d-----w-    c:\program files\stinger
2014-05-02 15:41 . 2014-05-02 15:41    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-05-02 14:27 . 2014-05-02 14:27    --------    d-----w-    c:\users\Bill\AppData\Roaming\SUPERAntiSpyware.com
2014-05-02 13:46 . 2014-05-02 13:46    --------    d-----w-    c:\program files (x86)\MozBackup
2014-05-02 00:35 . 2014-05-03 22:41    --------    d-----w-    c:\program files (x86)\Identity Finder 6
2014-05-01 23:38 . 2014-05-01 23:38    --------    d-----w-    c:\users\Public\OEM
2014-05-01 17:33 . 2014-05-02 11:30    --------    d-----w-    c:\program files\HitmanPro
2014-05-01 17:33 . 2014-05-01 20:55    --------    d-----w-    c:\programdata\HitmanPro
2014-05-01 13:23 . 2014-05-01 13:23    --------    d-----w-    c:\users\Bill\AppData\Roaming\Crystal Office
2014-05-01 01:04 . 2014-04-24 16:22    61120    ----a-w-    c:\windows\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys
2014-04-30 14:22 . 2013-12-24 14:40    21184    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2014-04-27 17:16 . 2014-04-27 17:16    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-27 17:16 . 2014-04-27 17:16    465408    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-27 17:16 . 2014-04-27 17:16    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-04-24 13:05 . 2014-04-24 13:05    --------    d-sh--w-    c:\users\Bill\AppData\Local\EmieUserList
2014-04-24 13:05 . 2014-04-24 13:05    --------    d-sh--w-    c:\users\Bill\AppData\Local\EmieSiteList
2014-04-21 13:53 . 2014-04-21 13:53    261056    ----a-w-    c:\windows\system32\drivers\avchv.sys
2014-04-21 00:24 . 2014-04-21 00:24    946392    ----a-w-    c:\windows\system32\RCoInstII64.dll
2014-04-21 00:22 . 2014-04-21 00:22    33008    ----a-w-    c:\windows\system32\drivers\Smb_driver_Intel.sys
2014-04-17 00:14 . 2014-02-04 02:35    274880    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-04-17 00:12 . 2014-01-24 02:37    1684928    ----a-w-    c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-07 14:03 . 2010-07-20 08:23    17920    ----a-w-    c:\windows\system32\rpcnetp.exe
2014-05-07 14:03 . 2010-11-27 02:16    58288    ----a-w-    c:\windows\SysWow64\rpcnet.dll
2014-05-03 21:18 . 2013-10-27 17:51    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-03 19:29 . 2014-03-16 20:35    290304    ----a-w-    c:\windows\SysWow64\subinacl.exe
2014-05-02 18:22 . 2013-06-22 16:51    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-22 01:57 . 2010-09-05 18:17    387455    ----a-w-    C:\DUMP63a2.tmp
2014-04-21 00:33 . 2010-11-28 22:51    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-18 21:51 . 2014-01-24 14:00    128320    ----a-w-    c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-17 01:42 . 2014-03-17 01:42    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-03-17 01:42 . 2014-03-17 01:42    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-03-17 01:42 . 2014-03-17 01:42    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-03-17 01:42 . 2014-03-17 01:42    484864    ----a-w-    c:\windows\system32\wer.dll
2014-03-17 01:42 . 2014-03-17 01:42    381440    ----a-w-    c:\windows\SysWow64\wer.dll
2014-03-17 01:41 . 2014-03-17 01:41    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-03-17 01:41 . 2014-03-17 01:41    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-03-17 01:41 . 2014-03-17 01:41    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2014-03-15 02:12 . 2012-04-03 12:45    418464    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-15 02:12 . 2011-08-31 01:13    70304    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-17 00:14    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2014-02-28 17:24 . 2014-02-28 17:24    458960    ----a-w-    c:\windows\system32\drivers\k57nd60a.sys
2014-02-28 17:24 . 2014-02-28 17:24    317440    ----a-w-    c:\windows\system32\drivers\IntcDAud.sys
2014-02-28 17:24 . 2014-02-28 17:24    14848    ----a-w-    c:\windows\system32\IntcDAuC.dll
2014-02-28 17:22 . 2014-02-28 17:22    1958616    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2014-02-28 17:19 . 2014-02-28 17:19    90112    ----a-w-    c:\windows\system32\igfxCoIn_v2993.dll
2014-02-28 17:19 . 2014-02-28 17:19    168944    ----a-w-    c:\windows\system32\igfxtray.exe
2014-02-28 17:19 . 2014-02-28 17:19    9014784    ----a-w-    c:\windows\system32\igfxress.dll
2014-02-28 17:19 . 2014-02-28 17:19    510960    ----a-w-    c:\windows\system32\igfxsrvc.exe
2014-02-28 17:19 . 2014-02-28 17:19    418800    ----a-w-    c:\windows\system32\igfxpers.exe
2014-02-28 17:19 . 2014-02-28 17:19    4096    ----a-w-    c:\windows\system32\IGFXDEVLib.dll
2014-02-28 17:19 . 2014-02-28 17:19    378368    ----a-w-    c:\windows\system32\igfxTMM.dll
2014-02-28 17:19 . 2014-02-28 17:19    376320    ----a-w-    c:\windows\system32\igfxpph.dll
2014-02-28 17:19 . 2014-02-28 17:19    293888    ----a-w-    c:\windows\SysWow64\igfxdv32.dll
2014-02-28 17:19 . 2014-02-28 17:19    287232    ----a-w-    c:\windows\system32\igfxrfra.lrc
2014-02-28 17:19 . 2014-02-28 17:19    287232    ----a-w-    c:\windows\system32\igfxresn.lrc
2014-02-28 17:19 . 2014-02-28 17:19    287232    ----a-w-    c:\windows\system32\igfxrell.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrsky.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrrus.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrrom.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrptg.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrplk.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrnld.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrita.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrhrv.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrdeu.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrcsy.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrtrk.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrsve.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrslv.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrptb.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrnor.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrhun.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrfin.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285696    ----a-w-    c:\windows\system32\igfxrtha.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285696    ----a-w-    c:\windows\system32\igfxrenu.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285696    ----a-w-    c:\windows\system32\igfxrdan.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285184    ----a-w-    c:\windows\system32\igfxrheb.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285184    ----a-w-    c:\windows\system32\igfxrara.lrc
2014-02-28 17:19 . 2014-02-28 17:19    283648    ----a-w-    c:\windows\system32\igfxrjpn.lrc
2014-02-28 17:19 . 2014-02-28 17:19    283136    ----a-w-    c:\windows\system32\igfxrkor.lrc
2014-02-28 17:19 . 2014-02-28 17:19    282624    ----a-w-    c:\windows\system32\igfxrcht.lrc
2014-02-28 17:19 . 2014-02-28 17:19    282624    ----a-w-    c:\windows\system32\igfxrchs.lrc
2014-02-28 17:19 . 2014-02-28 17:19    24576    ----a-w-    c:\windows\SysWow64\igfxexps32.dll
2014-02-28 17:19 . 2014-02-28 17:19    241136    ----a-w-    c:\windows\system32\igfxext.exe
2014-02-28 17:19 . 2014-02-28 17:19    142336    ----a-w-    c:\windows\system32\igfxdo.dll
2014-02-28 17:19 . 2014-02-28 17:19    126976    ----a-w-    c:\windows\system32\igfxcpl.cpl
2014-02-28 17:19 . 2014-01-26 19:09    62464    ----a-w-    c:\windows\system32\igfxsrvc.dll
2014-02-28 17:19 . 2014-01-26 19:09    28672    ----a-w-    c:\windows\system32\igfxexps.dll
2014-02-28 17:19 . 2014-01-26 19:09    390144    ----a-w-    c:\windows\system32\igfxdev.dll
2014-02-28 17:19 . 2012-01-11 02:28    8314368    ----a-w-    c:\windows\system32\igdumd64.dll
2014-02-28 17:19 . 2011-02-11 23:09    581120    ----a-w-    c:\windows\SysWow64\igdumdx32.dll
2014-02-28 17:19 . 2014-02-28 17:19    12312928    ----a-w-    c:\windows\system32\drivers\igdkmd64.sys
2014-02-28 17:19 . 2011-02-11 23:12    6324224    ----a-w-    c:\windows\SysWow64\igdumd32.dll
2014-02-28 17:19 . 2014-02-28 17:19    18664960    ----a-w-    c:\windows\system32\ig4icd64.dll
2014-02-28 17:19 . 2014-02-28 17:19    13913600    ----a-w-    c:\windows\SysWow64\ig4icd32.dll
2014-02-28 17:19 . 2012-01-11 02:06    9528832    ----a-w-    c:\windows\system32\igd10umd64.dll
2014-02-28 17:19 . 2012-01-11 01:55    7988224    ----a-w-    c:\windows\SysWow64\igd10umd32.dll
2014-02-28 17:19 . 2014-02-28 17:19    394224    ----a-w-    c:\windows\system32\hkcmd.exe
2014-02-28 17:19 . 2014-02-28 17:19    4380144    ----a-w-    c:\windows\system32\GfxUI.exe
2014-02-28 17:19 . 2014-01-26 19:08    110080    ----a-w-    c:\windows\system32\hccutils.dll
2014-02-28 17:19 . 2014-02-28 17:19    185840    ----a-w-    c:\windows\system32\difx64.exe
2014-02-28 17:19 . 2014-02-28 17:19    146432    ----a-w-    c:\windows\system32\gfxSrvc.dll
2014-02-15 14:17 . 2014-02-15 14:17    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-02-15 14:17 . 2014-02-15 14:17    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-02-15 14:17 . 2014-02-15 14:17    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-02-15 14:17 . 2014-02-15 14:17    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-02-15 14:17 . 2014-02-15 14:17    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-02-15 14:17 . 2014-02-15 14:17    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-02-15 14:17 . 2014-02-15 14:17    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-15 14:17 . 2014-02-15 14:17    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-15 14:09 . 2014-02-15 14:09    87040    ----a-w-    c:\windows\SysWow64\secproc_ssp_isv.dll
2014-02-15 14:09 . 2014-02-15 14:09    87040    ----a-w-    c:\windows\SysWow64\secproc_ssp.dll
2014-02-15 14:09 . 2014-02-15 14:09    658432    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2014-02-15 14:09 . 2014-02-15 14:09    626176    ----a-w-    c:\windows\system32\RMActivate.exe
2014-02-15 14:09 . 2014-02-15 14:09    594944    ----a-w-    c:\windows\SysWow64\RMActivate_isv.exe
2014-02-15 14:09 . 2014-02-15 14:09    572416    ----a-w-    c:\windows\SysWow64\RMActivate.exe
2014-02-15 14:09 . 2014-02-15 14:09    553984    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2014-02-15 14:09 . 2014-02-15 14:09    552960    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-15 14:09 . 2014-02-15 14:09    528384    ----a-w-    c:\windows\system32\msdrm.dll
2014-02-15 14:09 . 2014-02-15 14:09    510976    ----a-w-    c:\windows\SysWow64\RMActivate_ssp.exe
2014-02-15 14:09 . 2014-02-15 14:09    508928    ----a-w-    c:\windows\SysWow64\RMActivate_ssp_isv.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-13 00:13    1728216    ----a-w-    c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-13 00:13    1728216    ----a-w-    c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-13 00:13    1728216    ----a-w-    c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40    120176    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartMenu7"="c:\program files (x86)\Start Menu 7\StartMenu7.exe" [2011-02-23 2752920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-02-11 2288928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater17.1.0;vToolbarUpdater17.1.0; [x]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [x]
R3 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys;c:\windows\SYSNATIVE\drivers\DigiartyVirtualCDBus.sys [x]
R3 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R3 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R3 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
R3 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
R3 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S1 {e844e171-0702-480a-abc8-39f79c8c6126}w64;{e844e171-0702-480a-abc8-39f79c8c6126}w64;c:\windows\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys;c:\windows\SYSNATIVE\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [x]
S1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 SMUpd;Search Module Update;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SMUpdd;Search Module UpdateD;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-01 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-10-28 08:36]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-10 01:31]
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-10 01:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-13 00:10    2333400    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-13 00:10    2333400    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-13 00:10    2333400    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42    137584    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2013-05-21 19:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2013-05-21 19:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-04-21 13667032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-02-28 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-02-28 418800]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-07-10 1230912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9F6B5CC3-5C7B-4B5C-97AF-19DEC1E380E5}"=hex:51,66,7a,6c,4c,1d,38,12,ad,5f,78,
   9b,49,12,32,0e,e8,b9,5a,9e,c4,bd,c4,f1
"{5148AB7D-8868-4490-B6DA-F98368488582}"=hex:51,66,7a,6c,4c,1d,38,12,13,a8,5b,
   55,5a,c6,fe,01,c9,cc,ba,c3,6d,16,c1,96
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{95D9ECF5-2A4D-4550-BE49-70D42F71296E}"=hex:51,66,7a,6c,4c,1d,38,12,9b,ef,ca,
   91,7f,64,3e,00,c1,5f,33,94,2a,2f,6d,7a
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,b0,b9,4d,
   f6,7d,c9,e9,34,52,ae,29,b1,f0,09,fe,ca
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,a4,eb,ef,49,b5,fe,4f,97,47,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,a4,eb,ef,49,b5,fe,4f,97,47,b8,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rpcnet.exe
.
**************************************************************************
.
Completion time: 2014-05-07  10:14:23 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-07 14:14
.
Pre-Run: 177,070,350,336 bytes free
Post-Run: 177,128,382,464 bytes free
.
- - End Of File - - 0E00520ED960DE161B5C2F2F543AC9D3
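Editor's note: the service and driver listing above is the part of a ComboFix log where a search hijack's persistence usually shows up, and a single odd line is easy to skim past in a list this long. The Python script below is an added example, not ComboFix's own logic and not code posted by anyone in this thread. It parses lines of the `R3 Name;Display;image;native [x]` form and flags entries by a few heuristics that are the editor's assumptions (a binary in a temp directory, a GUID-style driver name, a `.sys` outside `system32\drivers`, a display name built around "search" or "toolbar", and an empty image path); the sample input is a handful of lines copied from the log above. A flag is a reason to check the file's publisher and signature, not a verdict that the entry is malicious.

```python
"""Triage pass over ComboFix-style service/driver lines.

Added example (editor's code, not ComboFix's and not from the thread).
Input lines look like:
    R3 Name;Display Name;image path;native path [x]
The heuristics below are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the log above, plus the SBRE stub.
SAMPLE_LOG = r"""
R3 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S1 {e844e171-0702-480a-abc8-39f79c8c6126}w64;{e844e171-0702-480a-abc8-39f79c8c6126}w64;c:\windows\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys;c:\windows\SYSNATIVE\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys [x]
S2 SMUpd;Search Module Update;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 SMUpdd;Search Module UpdateD;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys [x]
R1 SBRE;SBRE; [x]
"""

# Start type, then the ';'-separated fields, then the trailing "[x]".
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<rest>.*?)\s*(?:\[x\])?\s*$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
DRIVER_DIR_RE = re.compile(r"\\windows\\system32\\drivers\\", re.I)
# Assumption for this example: on a machine with a search-hijack complaint,
# display names built around these words deserve a look.
SUSPECT_WORDS = ("search", "toolbar")
# Boot/system-start entries load before most user-mode defences.
BOOT_START = {"R0", "R1", "S0", "S1"}


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    image: str
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for one R*/S* line, or None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m.group("rest").split(";")]
    fields += [""] * (3 - len(fields))  # tolerate stubs like "SBRE;SBRE;"
    return ServiceEntry(m.group("start"), fields[0], fields[1], fields[2])


def triage(entry):
    """Attach human-readable reasons to an entry; returns the same entry."""
    reasons = []
    image = entry.image.lower()
    if not image:
        reasons.append("no image path recorded for the service")
    else:
        if TEMP_DIR_RE.search(image):
            reasons.append("image loads from a temp directory")
        if image.endswith(".sys") and not DRIVER_DIR_RE.search(image):
            reasons.append("kernel driver outside system32\\drivers")
    if GUID_RE.search(entry.name) or GUID_RE.search(image):
        reasons.append("GUID-style name; identify publisher and code signer")
    if any(w in entry.display.lower() for w in SUSPECT_WORDS):
        reasons.append("display name mentions %s" % "/".join(SUSPECT_WORDS))
    if reasons and entry.start in BOOT_START:
        reasons.append("boot/system start (%s): loads before most defences" % entry.start)
    entry.reasons = reasons
    return entry


def triage_log(text):
    """Return {service name: [reasons]} for every flagged line in text."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        triage(entry)
        if entry.reasons:
            flagged[entry.name] = entry.reasons
    return flagged


if __name__ == "__main__":
    for name, why in triage_log(SAMPLE_LOG).items():
        print(name)
        for reason in why:
            print("   -", reason)
```

Run against the sample, the script leaves TeamViewer alone and flags the GUID-named system-start driver, the service with no image path, the driver loading from `c:\windows\TEMP`, and the two "Search Module" entries. On the live machine, the next step for each flagged path is to check the file's digital signature and publisher (for example with PowerShell's `Get-AuthenticodeSignature`) before deciding whether it belongs there.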



#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 08 May 2014 - 11:05 AM


Hello mosscomes

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 mosscomes (Topic Starter)

  • Members
  • 21 posts

Posted 08 May 2014 - 06:38 PM

Ok, Gringo: Here's the good:

System boot times were much better after running: approx 2:30 give or take. (I've not messed with any startup programs). Internet Explorer home page has not reverted back to Tuvaro. Finally conquered the default browser dialog (but only after reinstalling Firefox to check if that problem recurs). Finally was able to update Flash to the most recent version.

And the bad: IE takes 40 or so seconds to load, about 35 seconds of which is white screen (problems with the existing pieces of its BHOs?). Reloaded Firefox, restored settings and bookmarks. The Tuvaro home page reappeared (it is not part of the settings; I tested this on another machine). After closing and re-opening, Firefox went back into its "Welcome to Firefox" screen loop. After closing the browser, the system would not let me modify (or even delete) the prefs.js file. I had deleted all the Mozilla folders from the system previously, but had not from the registry. There is only a disabled dictionary add-on present.


ComboFix 14-05-07.03 - Bill 05/08/2014  16:16:16.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.1845 [GMT -4:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
Command switches used :: c:\users\Bill\Desktop\CFScript.txt
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-08 to 2014-05-08  )))))))))))))))))))))))))))))))
.
.
2014-05-08 20:30 . 2014-05-08 20:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-05-07 13:07 . 2014-05-07 13:07    --------    d-----w-    c:\program files\Microsoft.NET
2014-05-06 14:07 . 2014-05-06 14:07    --------    d-----w-    c:\users\Bill\AppData\Local\Xara
2014-05-04 12:25 . 2014-05-04 12:25    --------    d-----w-    c:\program files (x86)\Tweaking.com
2014-05-03 23:29 . 2014-05-03 23:29    --------    d-----w-    c:\users\Bill\AppData\Roaming\Oracle
2014-05-03 21:18 . 2014-05-03 21:18    --------    d-----w-    c:\program files (x86)\Java
2014-05-03 20:51 . 2014-05-03 20:51    --------    d-----w-    c:\program files (x86)\Trend Micro
2014-05-03 20:41 . 2014-04-29 14:01    23547904    ----a-w-    c:\windows\system32\mshtml.dll
2014-05-03 20:41 . 2014-04-29 13:40    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-03 20:41 . 2014-04-29 12:34    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-05-03 19:43 . 2014-05-03 19:43    --------    d-----w-    c:\windows\ERUNT
2014-05-03 15:03 . 2014-05-03 15:03    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-05-02 23:16 . 2014-05-02 23:54    --------    d-----w-    c:\windows\Microsoft Antimalware
2014-05-02 18:22 . 2014-05-02 18:22    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-05-02 18:22 . 2014-05-02 18:22    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-05-02 18:22 . 2014-05-02 18:22    189352    ----a-w-    c:\windows\system32\java.exe
2014-05-02 16:43 . 2014-05-02 16:43    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-05-02 16:11 . 2014-05-03 15:21    --------    d-----w-    c:\program files\stinger
2014-05-02 15:41 . 2014-05-02 15:41    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-05-02 14:27 . 2014-05-02 14:27    --------    d-----w-    c:\users\Bill\AppData\Roaming\SUPERAntiSpyware.com
2014-05-02 13:46 . 2014-05-02 13:46    --------    d-----w-    c:\program files (x86)\MozBackup
2014-05-02 00:35 . 2014-05-03 22:41    --------    d-----w-    c:\program files (x86)\Identity Finder 6
2014-05-01 23:38 . 2014-05-01 23:38    --------    d-----w-    c:\users\Public\OEM
2014-05-01 17:33 . 2014-05-02 11:30    --------    d-----w-    c:\program files\HitmanPro
2014-05-01 17:33 . 2014-05-01 20:55    --------    d-----w-    c:\programdata\HitmanPro
2014-05-01 13:23 . 2014-05-01 13:23    --------    d-----w-    c:\users\Bill\AppData\Roaming\Crystal Office
2014-05-01 01:04 . 2014-04-24 16:22    61120    ----a-w-    c:\windows\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys
2014-04-30 14:22 . 2013-12-24 14:40    21184    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2014-04-27 17:16 . 2014-04-27 17:16    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-27 17:16 . 2014-04-27 17:16    465408    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-27 17:16 . 2014-04-27 17:16    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-04-24 13:05 . 2014-04-24 13:05    --------    d-sh--w-    c:\users\Bill\AppData\Local\EmieUserList
2014-04-24 13:05 . 2014-04-24 13:05    --------    d-sh--w-    c:\users\Bill\AppData\Local\EmieSiteList
2014-04-21 13:53 . 2014-04-21 13:53    261056    ----a-w-    c:\windows\system32\drivers\avchv.sys
2014-04-21 00:24 . 2014-04-21 00:24    946392    ----a-w-    c:\windows\system32\RCoInstII64.dll
2014-04-21 00:22 . 2014-04-21 00:22    33008    ----a-w-    c:\windows\system32\drivers\Smb_driver_Intel.sys
2014-04-17 00:14 . 2014-02-04 02:35    274880    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-04-17 00:12 . 2014-01-24 02:37    1684928    ----a-w-    c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-08 20:09 . 2010-07-20 08:23    17920    ----a-w-    c:\windows\system32\rpcnetp.exe
2014-05-08 20:09 . 2010-11-27 02:16    58288    ----a-w-    c:\windows\SysWow64\rpcnet.dll
2014-05-03 21:18 . 2013-10-27 17:51    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-03 19:29 . 2014-03-16 20:35    290304    ----a-w-    c:\windows\SysWow64\subinacl.exe
2014-05-02 18:22 . 2013-06-22 16:51    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-22 01:57 . 2010-09-05 18:17    387455    ----a-w-    C:\DUMP63a2.tmp
2014-04-21 00:33 . 2010-11-28 22:51    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-18 21:51 . 2014-01-24 14:00    128320    ----a-w-    c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-17 01:42 . 2014-03-17 01:42    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-03-17 01:42 . 2014-03-17 01:42    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-03-17 01:42 . 2014-03-17 01:42    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-03-17 01:42 . 2014-03-17 01:42    484864    ----a-w-    c:\windows\system32\wer.dll
2014-03-17 01:42 . 2014-03-17 01:42    381440    ----a-w-    c:\windows\SysWow64\wer.dll
2014-03-17 01:41 . 2014-03-17 01:41    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-03-17 01:41 . 2014-03-17 01:41    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-03-17 01:41 . 2014-03-17 01:41    228864    ----a-w-    c:\windows\system32\wwansvc.dll
2014-03-15 02:12 . 2012-04-03 12:45    418464    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-15 02:12 . 2011-08-31 01:13    70304    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-17 00:14    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2014-02-28 17:24 . 2014-02-28 17:24    458960    ----a-w-    c:\windows\system32\drivers\k57nd60a.sys
2014-02-28 17:24 . 2014-02-28 17:24    317440    ----a-w-    c:\windows\system32\drivers\IntcDAud.sys
2014-02-28 17:24 . 2014-02-28 17:24    14848    ----a-w-    c:\windows\system32\IntcDAuC.dll
2014-02-28 17:22 . 2014-02-28 17:22    1958616    ----a-w-    c:\windows\system32\RTSnMg64.cpl
2014-02-28 17:19 . 2014-02-28 17:19    90112    ----a-w-    c:\windows\system32\igfxCoIn_v2993.dll
2014-02-28 17:19 . 2014-02-28 17:19    168944    ----a-w-    c:\windows\system32\igfxtray.exe
2014-02-28 17:19 . 2014-02-28 17:19    9014784    ----a-w-    c:\windows\system32\igfxress.dll
2014-02-28 17:19 . 2014-02-28 17:19    510960    ----a-w-    c:\windows\system32\igfxsrvc.exe
2014-02-28 17:19 . 2014-02-28 17:19    418800    ----a-w-    c:\windows\system32\igfxpers.exe
2014-02-28 17:19 . 2014-02-28 17:19    4096    ----a-w-    c:\windows\system32\IGFXDEVLib.dll
2014-02-28 17:19 . 2014-02-28 17:19    378368    ----a-w-    c:\windows\system32\igfxTMM.dll
2014-02-28 17:19 . 2014-02-28 17:19    376320    ----a-w-    c:\windows\system32\igfxpph.dll
2014-02-28 17:19 . 2014-02-28 17:19    293888    ----a-w-    c:\windows\SysWow64\igfxdv32.dll
2014-02-28 17:19 . 2014-02-28 17:19    287232    ----a-w-    c:\windows\system32\igfxrfra.lrc
2014-02-28 17:19 . 2014-02-28 17:19    287232    ----a-w-    c:\windows\system32\igfxresn.lrc
2014-02-28 17:19 . 2014-02-28 17:19    287232    ----a-w-    c:\windows\system32\igfxrell.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrsky.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrrus.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrrom.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrptg.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrplk.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrnld.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrita.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrhrv.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrdeu.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286720    ----a-w-    c:\windows\system32\igfxrcsy.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrtrk.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrsve.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrslv.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrptb.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrnor.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrhun.lrc
2014-02-28 17:19 . 2014-02-28 17:19    286208    ----a-w-    c:\windows\system32\igfxrfin.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285696    ----a-w-    c:\windows\system32\igfxrtha.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285696    ----a-w-    c:\windows\system32\igfxrenu.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285696    ----a-w-    c:\windows\system32\igfxrdan.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285184    ----a-w-    c:\windows\system32\igfxrheb.lrc
2014-02-28 17:19 . 2014-02-28 17:19    285184    ----a-w-    c:\windows\system32\igfxrara.lrc
2014-02-28 17:19 . 2014-02-28 17:19    283648    ----a-w-    c:\windows\system32\igfxrjpn.lrc
2014-02-28 17:19 . 2014-02-28 17:19    283136    ----a-w-    c:\windows\system32\igfxrkor.lrc
2014-02-28 17:19 . 2014-02-28 17:19    282624    ----a-w-    c:\windows\system32\igfxrcht.lrc
2014-02-28 17:19 . 2014-02-28 17:19    282624    ----a-w-    c:\windows\system32\igfxrchs.lrc
2014-02-28 17:19 . 2014-02-28 17:19    24576    ----a-w-    c:\windows\SysWow64\igfxexps32.dll
2014-02-28 17:19 . 2014-02-28 17:19    241136    ----a-w-    c:\windows\system32\igfxext.exe
2014-02-28 17:19 . 2014-02-28 17:19    142336    ----a-w-    c:\windows\system32\igfxdo.dll
2014-02-28 17:19 . 2014-02-28 17:19    126976    ----a-w-    c:\windows\system32\igfxcpl.cpl
2014-02-28 17:19 . 2014-01-26 19:09    62464    ----a-w-    c:\windows\system32\igfxsrvc.dll
2014-02-28 17:19 . 2014-01-26 19:09    28672    ----a-w-    c:\windows\system32\igfxexps.dll
2014-02-28 17:19 . 2014-01-26 19:09    390144    ----a-w-    c:\windows\system32\igfxdev.dll
2014-02-28 17:19 . 2012-01-11 02:28    8314368    ----a-w-    c:\windows\system32\igdumd64.dll
2014-02-28 17:19 . 2011-02-11 23:09    581120    ----a-w-    c:\windows\SysWow64\igdumdx32.dll
2014-02-28 17:19 . 2014-02-28 17:19    12312928    ----a-w-    c:\windows\system32\drivers\igdkmd64.sys
2014-02-28 17:19 . 2011-02-11 23:12    6324224    ----a-w-    c:\windows\SysWow64\igdumd32.dll
2014-02-28 17:19 . 2014-02-28 17:19    18664960    ----a-w-    c:\windows\system32\ig4icd64.dll
2014-02-28 17:19 . 2014-02-28 17:19    13913600    ----a-w-    c:\windows\SysWow64\ig4icd32.dll
2014-02-28 17:19 . 2012-01-11 02:06    9528832    ----a-w-    c:\windows\system32\igd10umd64.dll
2014-02-28 17:19 . 2012-01-11 01:55    7988224    ----a-w-    c:\windows\SysWow64\igd10umd32.dll
2014-02-28 17:19 . 2014-02-28 17:19    394224    ----a-w-    c:\windows\system32\hkcmd.exe
2014-02-28 17:19 . 2014-02-28 17:19    4380144    ----a-w-    c:\windows\system32\GfxUI.exe
2014-02-28 17:19 . 2014-01-26 19:08    110080    ----a-w-    c:\windows\system32\hccutils.dll
2014-02-28 17:19 . 2014-02-28 17:19    185840    ----a-w-    c:\windows\system32\difx64.exe
2014-02-28 17:19 . 2014-02-28 17:19    146432    ----a-w-    c:\windows\system32\gfxSrvc.dll
2014-02-15 14:17 . 2014-02-15 14:17    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2014-02-15 14:17 . 2014-02-15 14:17    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2014-02-15 14:17 . 2014-02-15 14:17    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-02-15 14:17 . 2014-02-15 14:17    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-02-15 14:17 . 2014-02-15 14:17    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2014-02-15 14:17 . 2014-02-15 14:17    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-02-15 14:17 . 2014-02-15 14:17    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-15 14:17 . 2014-02-15 14:17    1237504    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-02-15 14:09 . 2014-02-15 14:09    87040    ----a-w-    c:\windows\SysWow64\secproc_ssp_isv.dll
2014-02-15 14:09 . 2014-02-15 14:09    87040    ----a-w-    c:\windows\SysWow64\secproc_ssp.dll
2014-02-15 14:09 . 2014-02-15 14:09    658432    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2014-02-15 14:09 . 2014-02-15 14:09    626176    ----a-w-    c:\windows\system32\RMActivate.exe
2014-02-15 14:09 . 2014-02-15 14:09    594944    ----a-w-    c:\windows\SysWow64\RMActivate_isv.exe
2014-02-15 14:09 . 2014-02-15 14:09    572416    ----a-w-    c:\windows\SysWow64\RMActivate.exe
2014-02-15 14:09 . 2014-02-15 14:09    553984    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2014-02-15 14:09 . 2014-02-15 14:09    552960    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-15 14:09 . 2014-02-15 14:09    528384    ----a-w-    c:\windows\system32\msdrm.dll
2014-02-15 14:09 . 2014-02-15 14:09    510976    ----a-w-    c:\windows\SysWow64\RMActivate_ssp.exe
2014-02-15 14:09 . 2014-02-15 14:09    508928    ----a-w-    c:\windows\SysWow64\RMActivate_ssp_isv.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-13 00:13    1728216    ----a-w-    c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-13 00:13    1728216    ----a-w-    c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-13 00:13    1728216    ----a-w-    c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40    120176    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartMenu7"="c:\program files (x86)\Start Menu 7\StartMenu7.exe" [2011-02-23 2752920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-02-11 2288928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater17.1.0;vToolbarUpdater17.1.0; [x]
R3 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [x]
R3 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys;c:\windows\SYSNATIVE\drivers\DigiartyVirtualCDBus.sys [x]
R3 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R3 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R3 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
R3 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
R3 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S1 {e844e171-0702-480a-abc8-39f79c8c6126}w64;{e844e171-0702-480a-abc8-39f79c8c6126}w64;c:\windows\system32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys;c:\windows\SYSNATIVE\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [x]
S1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 SMUpd;Search Module Update;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe;c:\program files\Common Files\Goobzo\GBUpdate\smu.exe [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SMUpdd;Search Module UpdateD;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys;c:\program files\Common Files\Goobzo\GBUpdate\smw.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-01 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-10-28 08:36]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-10 01:31]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-10 01:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-13 00:10    2333400    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-13 00:10    2333400    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-13 00:10    2333400    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    97792    ----a-w-    c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42    137584    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2013-05-21 19:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2013-05-21 19:06    6437192    ----a-w-    c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-04-21 13667032]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-02-28 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-02-28 418800]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-07-10 1230912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9F6B5CC3-5C7B-4B5C-97AF-19DEC1E380E5}"=hex:51,66,7a,6c,4c,1d,38,12,ad,5f,78,
   9b,49,12,32,0e,e8,b9,5a,9e,c4,bd,c4,f1
"{5148AB7D-8868-4490-B6DA-F98368488582}"=hex:51,66,7a,6c,4c,1d,38,12,13,a8,5b,
   55,5a,c6,fe,01,c9,cc,ba,c3,6d,16,c1,96
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{95D9ECF5-2A4D-4550-BE49-70D42F71296E}"=hex:51,66,7a,6c,4c,1d,38,12,9b,ef,ca,
   91,7f,64,3e,00,c1,5f,33,94,2a,2f,6d,7a
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,b0,b9,4d,
   f6,7d,c9,e9,34,52,ae,29,b1,f0,09,fe,ca
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,a4,eb,ef,49,b5,fe,4f,97,47,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,a4,eb,ef,49,b5,fe,4f,97,47,b8,\
.
Completion time: 2014-05-08  16:34:15
ComboFix-quarantined-files.txt  2014-05-08 20:34
ComboFix2.txt  2014-05-07 14:14
.
Pre-Run: 178,528,268,288 bytes free
Post-Run: 178,437,767,168 bytes free
.
- - End Of File - - 4C86FB115FF90328622F6DCDA9322B2D



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 09 May 2014 - 04:11 AM


Hello mosscomes



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
    one of the options is to include a shortcut scan - I WANT THIS INCLUDED
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 mosscomes

mosscomes
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 10 May 2014 - 10:26 AM

I have the addition.txt, but can't figure out how to attach it.

 

Here's the FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by Bill (administrator) on BILL-PC on 10-05-2014 10:54:52
Running from C:\Users\Bill\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(OrdinarySoft) C:\Program Files (x86)\Start Menu 7\StartMenu7.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Start Menu 7\VistaHookApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-04-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Soluto] => c:\program files\soluto\soluto.exe [1230912 2013-07-10] (Soluto)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2288928 2014-02-11] (IObit)
HKU\S-1-5-21-1824555648-438518814-2331939322-1001\...\Run: [StartMenu7] => C:\Program Files (x86)\Start Menu 7\StartMenu7.exe [2752920 2011-02-23] (OrdinarySoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - CaptureSaver - {5148AB7D-8868-4490-B6DA-F98368488582} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - No CLSID Value -
Handler: msnim - No CLSID Value -
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: livecall - No CLSID Value -
Handler-x32: msnim - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\f4rxxs4p.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WordExtra - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\korey@markus.me [2014-03-02]

==================== Services (Whitelisted) =================

S3 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [809736 2009-09-29] (ABBYY)
S3 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-05] (WildTangent)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-03-02] (IObit)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S3 MySql; C:\Program Files\MySql\MySqlServer\bin\mysqld-nt.exe [5730304 2011-05-30] ()
S3 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-09-24] (PasswordBox, Inc.)
S3 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2545512 2014-04-15] (Search Module Ltd.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-07-10] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942528 2013-07-10] (GlavSoft LLC.)
S2 vToolbarUpdater17.1.0; No ImagePath

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-04-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-10-11] (AVG Technologies)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-12-15] (Digiarty Software, Inc.)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2010-09-03] (Paragon Software Group)
S3 Lavasoft Kernexplorer; No ImagePath
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
S3 NTIDrvr; No ImagePath
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-03-14] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-03-14] (RapidSolution Software AG)
S1 SBRE; No ImagePath
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-04-20] (Synaptics Incorporated)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-04-15] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 UBHelper; No ImagePath
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-09-03] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-09-03] (Paragon)
R1 {e844e171-0702-480a-abc8-39f79c8c6126}w64; C:\Windows\System32\drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys [61120 2014-04-24] (StdLib)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-10 10:54 - 2014-05-10 10:55 - 00013751 _____ () C:\Users\Bill\Desktop\FRST.txt
2014-05-10 10:54 - 2014-05-10 10:54 - 00000000 ____D () C:\FRST
2014-05-10 10:53 - 2014-05-10 10:32 - 02065408 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2014-05-09 09:54 - 2014-05-09 09:54 - 00000000 ____D () C:\Users\Bill\AppData\Local\{B2A56CF0-0044-4596-A5C8-CC9645410088}
2014-05-08 21:28 - 2014-05-08 21:28 - 00000000 ____D () C:\Users\Bill\AppData\Local\{876FEEFD-F2F6-4A5D-971B-3F6F0BA69B1F}
2014-05-08 17:01 - 2014-05-08 17:01 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-08 17:01 - 2014-05-08 17:01 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-08 16:57 - 2014-05-10 10:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 16:57 - 2014-05-08 16:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-08 16:34 - 2014-05-08 16:34 - 00035228 _____ () C:\ComboFix.txt
2014-05-08 08:39 - 2014-05-08 08:39 - 00000000 ____D () C:\Users\Bill\AppData\Local\{B79376C9-D534-424D-855F-9D14F82F6D84}
2014-05-07 10:29 - 2014-05-07 10:30 - 00000000 ____D () C:\Users\Bill\AppData\Local\{40A91F7D-04D1-4467-92CC-D57665E0D328}
2014-05-07 09:38 - 2014-05-07 08:27 - 05200039 ____R (Swearware) C:\Users\Bill\Desktop\ComboFix.exe
2014-05-06 16:17 - 2014-05-06 16:17 - 01316991 _____ () C:\Users\Bill\Desktop\AdwCleaner.exe
2014-05-06 16:14 - 2014-05-06 16:14 - 01016261 _____ (Thisisu) C:\Users\Bill\Desktop\JRT.exe
2014-05-06 16:02 - 2014-05-10 10:46 - 00000616 _____ () C:\Windows\setupact.log
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 16:00 - 2014-05-08 16:41 - 00004234 _____ () C:\Windows\PFRO.log
2014-05-06 10:07 - 2014-05-06 10:07 - 00000746 _____ () C:\Windows\XaraX.INI
2014-05-06 10:07 - 2014-05-06 10:07 - 00000000 ____D () C:\Users\Bill\AppData\Local\Xara
2014-05-04 08:25 - 2014-05-04 08:25 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-05-03 19:29 - 2014-05-03 19:29 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Oracle
2014-05-03 17:18 - 2014-05-03 17:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-03 17:18 - 2014-05-03 17:18 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-03 17:18 - 2014-05-03 17:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-03 17:18 - 2014-05-03 17:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-03 16:51 - 2014-05-03 16:51 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-05-03 16:41 - 2014-04-29 10:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 16:41 - 2014-04-29 09:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 16:41 - 2014-04-29 08:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 16:41 - 2014-04-29 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 16:17 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-03 16:17 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-03 16:17 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-03 16:17 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-03 16:17 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-03 16:17 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-03 16:17 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-03 16:17 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-03 16:14 - 2014-05-08 16:34 - 00000000 ____D () C:\Qoobox
2014-05-03 15:54 - 2014-05-07 10:04 - 00000000 ____D () C:\Windows\erdnt
2014-05-03 15:43 - 2014-05-03 15:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-03 11:03 - 2014-05-03 11:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-05-02 19:16 - 2014-05-02 19:54 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-05-02 14:27 - 2014-05-02 14:28 - 03224200 _____ (WiseCleaner.com ) C:\Users\Bill\Downloads\WRCFree.exe
2014-05-02 14:22 - 2014-05-02 14:22 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-02 14:22 - 2014-05-02 14:22 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-02 14:22 - 2014-05-02 14:22 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-02 14:06 - 2014-05-02 14:07 - 29164456 _____ (Oracle Corporation) C:\Users\Bill\Downloads\jre-7u55-windows-i586.exe
2014-05-02 12:51 - 2014-05-02 09:50 - 00000292 _____ () C:\Users\Bill\Documents\indexfile.txt
2014-05-02 12:43 - 2014-05-02 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-02 12:11 - 2014-05-03 11:21 - 00000000 ____D () C:\Program Files\stinger
2014-05-02 11:41 - 2014-05-02 11:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-02 10:27 - 2014-05-02 10:27 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\SUPERAntiSpyware.com
2014-05-02 09:49 - 2014-05-02 09:49 - 00000131 _____ () C:\Users\Bill\Desktop\seth1.url
2014-05-02 09:46 - 2014-05-02 09:46 - 01035926 _____ () C:\Users\Bill\Downloads\MozBackup-1.5.1-EN.exe
2014-05-02 09:46 - 2014-05-02 09:46 - 00001031 _____ () C:\Users\Public\Desktop\MozBackup.lnk
2014-05-02 09:46 - 2014-05-02 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-05-02 09:46 - 2014-05-02 09:46 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-05-02 08:34 - 2014-05-02 08:34 - 00921512 _____ (Oracle Corporation) C:\Users\Bill\Downloads\jxpiinstall.exe
2014-05-02 08:27 - 2014-05-02 08:27 - 00000131 _____ () C:\Users\Bill\Desktop\1.url
2014-05-01 20:35 - 2014-05-03 18:41 - 00000000 ____D () C:\Program Files (x86)\Identity Finder 6
2014-05-01 19:38 - 2014-05-01 19:38 - 00000152 _____ () C:\eRyInfo.dat
2014-05-01 19:38 - 2014-05-01 19:38 - 00000000 ____D () C:\Users\Public\OEM
2014-05-01 16:55 - 2014-05-02 07:19 - 00016616 _____ () C:\Windows\system32\.crusader
2014-05-01 13:33 - 2014-05-02 07:30 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-01 13:33 - 2014-05-01 16:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-01 13:14 - 2014-04-23 14:05 - 01990574 _____ () C:\Users\Bill\Desktop\MGtools.exe
2014-05-01 12:47 - 2014-05-06 16:45 - 00000000 ____D () C:\Users\Bill\Desktop\malwarecleaning05012014
2014-05-01 11:15 - 2014-05-01 11:15 - 00282960 _____ (Mozilla) C:\Users\Bill\Downloads\Firefox Setup Stub 29.0.exe
2014-05-01 09:23 - 2014-05-01 09:23 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Crystal Office
2014-04-30 21:04 - 2014-04-24 12:22 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys
2014-04-30 10:22 - 2014-05-01 08:57 - 00003166 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-04-30 10:22 - 2013-12-24 10:40 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2014-04-27 13:16 - 2014-04-27 13:16 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-27 13:16 - 2014-04-27 13:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-27 13:16 - 2014-04-27 13:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-24 09:05 - 2014-04-24 09:05 - 00000000 __SHD () C:\Users\Bill\AppData\Local\EmieUserList
2014-04-24 09:05 - 2014-04-24 09:05 - 00000000 __SHD () C:\Users\Bill\AppData\Local\EmieSiteList
2014-04-21 09:53 - 2014-04-21 09:53 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-04-20 20:25 - 2014-04-20 20:25 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-04-20 20:25 - 2014-04-20 20:25 - 03872984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-04-20 20:25 - 2014-04-20 20:25 - 02825432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 02792152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 02157704 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 01045752 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 01024216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 00899320 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 00757301 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-04-20 20:25 - 2014-04-20 20:25 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 00624344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 00245496 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-04-20 20:24 - 2014-04-20 20:25 - 56270848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-04-20 20:24 - 2014-04-20 20:24 - 28310104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 14737496 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 12793944 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 05752072 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 03923032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 02319960 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 02037336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01932888 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01419376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01419376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01033304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 00946392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 00938608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-04-20 20:22 - 2014-04-20 20:22 - 00033008 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-04-20 20:15 - 2014-04-20 20:15 - 00001160 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-04-20 20:14 - 2014-04-20 20:14 - 00002862 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-04-20 17:47 - 2014-04-20 17:47 - 27264776 _____ (IObit ) C:\Users\Bill\Downloads\iobit-malware-fighter-setup (1).exe
2014-04-20 17:41 - 2014-04-20 17:41 - 27264776 _____ (IObit ) C:\Users\Bill\Downloads\iobit-malware-fighter-setup.exe
2014-04-20 15:23 - 2014-05-01 08:57 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-04-20 15:22 - 2014-04-30 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-04-20 15:21 - 2014-04-20 15:21 - 07524576 _____ (IObit ) C:\Users\Bill\Downloads\defragsetup-pro.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-20 13:48 - 2014-04-20 13:48 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-20 13:48 - 2014-04-20 13:48 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 20:14 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-16 20:14 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-16 20:14 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-16 20:14 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-16 20:14 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-16 20:14 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-16 20:14 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-16 20:14 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-16 20:14 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-16 20:14 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-16 20:14 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-16 20:14 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-16 20:14 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-16 20:14 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-16 20:14 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-16 20:14 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-16 20:12 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-10 10:55 - 2014-05-10 10:54 - 00013751 _____ () C:\Users\Bill\Desktop\FRST.txt
2014-05-10 10:54 - 2014-05-10 10:54 - 00000000 ____D () C:\FRST
2014-05-10 10:54 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 10:54 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 10:54 - 2009-07-14 00:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 10:52 - 2010-09-05 14:20 - 01889079 _____ () C:\Windows\WindowsUpdate.log
2014-05-10 10:47 - 2010-11-26 22:16 - 00058288 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-05-10 10:47 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 10:46 - 2014-05-06 16:02 - 00000616 _____ () C:\Windows\setupact.log
2014-05-10 10:44 - 2010-07-20 04:23 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-05-10 10:39 - 2014-05-08 16:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-10 10:39 - 2011-01-09 21:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 10:32 - 2014-05-10 10:53 - 02065408 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2014-05-09 09:54 - 2014-05-09 09:54 - 00000000 ____D () C:\Users\Bill\AppData\Local\{B2A56CF0-0044-4596-A5C8-CC9645410088}
2014-05-08 21:28 - 2014-05-08 21:28 - 00000000 ____D () C:\Users\Bill\AppData\Local\{876FEEFD-F2F6-4A5D-971B-3F6F0BA69B1F}
2014-05-08 17:01 - 2014-05-08 17:01 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-08 17:01 - 2014-05-08 17:01 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-08 17:01 - 2013-12-03 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 17:01 - 2010-11-29 10:48 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Mozilla
2014-05-08 16:57 - 2014-05-08 16:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-08 16:57 - 2012-04-03 08:45 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-08 16:57 - 2011-08-30 21:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-08 16:56 - 2010-11-26 22:04 - 00000000 ____D () C:\Users\Bill\AppData\Local\Adobe
2014-05-08 16:41 - 2014-05-06 16:00 - 00004234 _____ () C:\Windows\PFRO.log
2014-05-08 16:34 - 2014-05-08 16:34 - 00035228 _____ () C:\ComboFix.txt
2014-05-08 16:34 - 2014-05-03 16:14 - 00000000 ____D () C:\Qoobox
2014-05-08 16:31 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-08 16:08 - 2011-01-09 21:31 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 08:39 - 2014-05-08 08:39 - 00000000 ____D () C:\Users\Bill\AppData\Local\{B79376C9-D534-424D-855F-9D14F82F6D84}
2014-05-07 20:38 - 2011-01-09 21:31 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 20:38 - 2011-01-09 21:31 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 10:30 - 2014-05-07 10:29 - 00000000 ____D () C:\Users\Bill\AppData\Local\{40A91F7D-04D1-4467-92CC-D57665E0D328}
2014-05-07 10:14 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-05-07 10:04 - 2014-05-03 15:54 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 09:38 - 2009-07-14 00:45 - 03461536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-07 09:36 - 2010-11-26 10:03 - 00125336 _____ () C:\Users\Bill\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-07 09:14 - 2011-04-07 13:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-07 09:14 - 2009-07-13 22:34 - 00000704 _____ () C:\Windows\win.ini
2014-05-07 09:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-07 09:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-07 08:27 - 2014-05-07 09:38 - 05200039 ____R (Swearware) C:\Users\Bill\Desktop\ComboFix.exe
2014-05-06 16:45 - 2014-05-01 12:47 - 00000000 ____D () C:\Users\Bill\Desktop\malwarecleaning05012014
2014-05-06 16:19 - 2013-10-27 13:47 - 00000000 ____D () C:\AdwCleaner
2014-05-06 16:17 - 2014-05-06 16:17 - 01316991 _____ () C:\Users\Bill\Desktop\AdwCleaner.exe
2014-05-06 16:14 - 2014-05-06 16:14 - 01016261 _____ (Thisisu) C:\Users\Bill\Desktop\JRT.exe
2014-05-06 16:02 - 2014-05-06 16:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-06 10:07 - 2014-05-06 10:07 - 00000746 _____ () C:\Windows\XaraX.INI
2014-05-06 10:07 - 2014-05-06 10:07 - 00000000 ____D () C:\Users\Bill\AppData\Local\Xara
2014-05-06 10:04 - 2013-06-22 12:54 - 00000000 ___RD () C:\Users\Bill\Desktop\Desktop Icons
2014-05-06 10:04 - 2011-11-20 15:47 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Office 2010
2014-05-06 10:04 - 2011-08-21 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
2014-05-06 10:04 - 2011-02-18 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-05-06 10:04 - 2010-11-26 22:06 - 00000000 ___RD () C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 10:01 - 2010-11-26 10:02 - 00000000 ____D () C:\Users\Bill
2014-05-05 23:34 - 2011-09-05 16:01 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\vlc
2014-05-05 22:04 - 2011-10-02 15:48 - 00000000 ___DC () C:\Users\Bill\Recovered Files
2014-05-04 09:29 - 2011-04-16 21:08 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Start Menu 7
2014-05-04 09:21 - 2013-12-05 11:08 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-04 08:25 - 2014-05-04 08:25 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-05-03 19:29 - 2014-05-03 19:29 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Oracle
2014-05-03 18:41 - 2014-05-01 20:35 - 00000000 ____D () C:\Program Files (x86)\Identity Finder 6
2014-05-03 17:18 - 2014-05-03 17:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-03 17:18 - 2014-05-03 17:18 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-03 17:18 - 2014-05-03 17:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-03 17:18 - 2014-05-03 17:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-03 17:18 - 2013-10-27 13:51 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-03 16:51 - 2014-05-03 16:51 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-05-03 15:43 - 2014-05-03 15:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-03 15:33 - 2014-03-16 16:35 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-05-03 15:29 - 2014-03-16 16:35 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-05-03 11:21 - 2014-05-02 12:11 - 00000000 ____D () C:\Program Files\stinger
2014-05-03 11:03 - 2014-05-03 11:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-05-02 19:54 - 2014-05-02 19:16 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-05-02 14:28 - 2014-05-02 14:27 - 03224200 _____ (WiseCleaner.com ) C:\Users\Bill\Downloads\WRCFree.exe
2014-05-02 14:22 - 2014-05-02 14:22 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-02 14:22 - 2014-05-02 14:22 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-02 14:22 - 2014-05-02 14:22 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-02 14:22 - 2013-06-22 12:51 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-02 14:07 - 2014-05-02 14:06 - 29164456 _____ (Oracle Corporation) C:\Users\Bill\Downloads\jre-7u55-windows-i586.exe
2014-05-02 13:04 - 2010-12-12 12:57 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Skype
2014-05-02 12:43 - 2014-05-02 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-02 11:54 - 2013-07-21 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-02 11:54 - 2012-08-26 21:29 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-02 11:54 - 2010-12-12 12:57 - 00000000 ____D () C:\ProgramData\Skype
2014-05-02 11:41 - 2014-05-02 11:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-02 10:27 - 2014-05-02 10:27 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\SUPERAntiSpyware.com
2014-05-02 10:12 - 2013-12-06 18:23 - 00000000 ____D () C:\MATS
2014-05-02 09:50 - 2014-05-02 12:51 - 00000292 _____ () C:\Users\Bill\Documents\indexfile.txt
2014-05-02 09:49 - 2014-05-02 09:49 - 00000131 _____ () C:\Users\Bill\Desktop\seth1.url
2014-05-02 09:46 - 2014-05-02 09:46 - 01035926 _____ () C:\Users\Bill\Downloads\MozBackup-1.5.1-EN.exe
2014-05-02 09:46 - 2014-05-02 09:46 - 00001031 _____ () C:\Users\Public\Desktop\MozBackup.lnk
2014-05-02 09:46 - 2014-05-02 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-05-02 09:46 - 2014-05-02 09:46 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-05-02 08:34 - 2014-05-02 08:34 - 00921512 _____ (Oracle Corporation) C:\Users\Bill\Downloads\jxpiinstall.exe
2014-05-02 08:27 - 2014-05-02 08:27 - 00000131 _____ () C:\Users\Bill\Desktop\1.url
2014-05-02 07:30 - 2014-05-01 13:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-02 07:19 - 2014-05-01 16:55 - 00016616 _____ () C:\Windows\system32\.crusader
2014-05-01 19:38 - 2014-05-01 19:38 - 00000152 _____ () C:\eRyInfo.dat
2014-05-01 19:38 - 2014-05-01 19:38 - 00000000 ____D () C:\Users\Public\OEM
2014-05-01 16:55 - 2014-05-01 13:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-01 16:55 - 2013-07-22 15:50 - 00000000 ____D () C:\Windows\AutoKMS
2014-05-01 13:56 - 2010-07-20 04:49 - 00000000 ____D () C:\Program Files\Google
2014-05-01 13:56 - 2010-07-20 04:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-01 13:50 - 2010-11-26 22:06 - 00000000 ____D () C:\Users\Bill\AppData\Local\VirtualStore
2014-05-01 13:06 - 2010-11-26 22:58 - 00000000 ____D () C:\Users\Bill\AppData\Local\Google
2014-05-01 13:06 - 2010-07-20 04:49 - 00000000 ____D () C:\ProgramData\Google
2014-05-01 11:15 - 2014-05-01 11:15 - 00282960 _____ (Mozilla) C:\Users\Bill\Downloads\Firefox Setup Stub 29.0.exe
2014-05-01 09:39 - 2010-09-05 14:37 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-05-01 09:33 - 2011-01-23 21:20 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-01 09:33 - 2010-07-20 04:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-01 09:23 - 2014-05-01 09:23 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Crystal Office
2014-05-01 09:10 - 2011-08-23 21:55 - 00000000 ____D () C:\Users\Bill\Documents\SoftMaker
2014-05-01 09:10 - 2011-08-23 21:55 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\SoftMaker
2014-05-01 08:57 - 2014-04-30 10:22 - 00003166 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-05-01 08:57 - 2014-04-20 15:23 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-04-30 10:22 - 2014-04-20 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-04-29 22:32 - 2013-09-09 21:32 - 00000000 ____D () C:\Users\Bill\Documents\Outlook Files
2014-04-29 10:01 - 2014-05-03 16:41 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 09:40 - 2014-05-03 16:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 08:48 - 2014-05-03 16:41 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 08:34 - 2014-05-03 16:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 05:37 - 2014-02-10 10:51 - 00003202 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1824555648-438518814-2331939322-1001
2014-04-28 05:25 - 2014-02-10 10:51 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1824555648-438518814-2331939322-1001
2014-04-27 13:16 - 2014-04-27 13:16 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-27 13:16 - 2014-04-27 13:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-27 13:16 - 2014-04-27 13:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-24 12:22 - 2014-04-30 21:04 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys
2014-04-24 09:05 - 2014-04-24 09:05 - 00000000 __SHD () C:\Users\Bill\AppData\Local\EmieUserList
2014-04-24 09:05 - 2014-04-24 09:05 - 00000000 __SHD () C:\Users\Bill\AppData\Local\EmieSiteList
2014-04-23 14:05 - 2014-05-01 13:14 - 01990574 _____ () C:\Users\Bill\Desktop\MGtools.exe
2014-04-21 21:57 - 2010-09-05 14:17 - 00387455 _____ () C:\DUMP63a2.tmp
2014-04-21 09:53 - 2014-04-21 09:53 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-04-20 21:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-20 20:53 - 2013-11-22 10:19 - 00000000 ____D () C:\ProgramData\ProductData
2014-04-20 20:44 - 2013-07-22 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-04-20 20:40 - 2013-07-22 16:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-20 20:33 - 2010-11-28 18:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-20 20:28 - 2010-11-28 20:31 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-04-20 20:25 - 2014-04-20 20:25 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-04-20 20:25 - 2014-04-20 20:25 - 03872984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-04-20 20:25 - 2014-04-20 20:25 - 02825432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 02792152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 02157704 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 01045752 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 01024216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 00899320 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 00757301 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-04-20 20:25 - 2014-04-20 20:25 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 00624344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-04-20 20:25 - 2014-04-20 20:25 - 00245496 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-04-20 20:25 - 2014-04-20 20:24 - 56270848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-04-20 20:24 - 2014-04-20 20:24 - 28310104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 14737496 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 12793944 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 05752072 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 03923032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 02319960 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 02037336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01932888 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01419376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01419376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 01033304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 00946392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-04-20 20:24 - 2014-04-20 20:24 - 00938608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-04-20 20:22 - 2014-04-20 20:22 - 00033008 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-04-20 20:15 - 2014-04-20 20:15 - 00001160 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-04-20 20:15 - 2014-03-02 17:17 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-04-20 20:15 - 2013-11-22 10:19 - 00002137 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-04-20 20:15 - 2013-11-22 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-04-20 20:14 - 2014-04-20 20:14 - 00002862 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-04-20 20:14 - 2014-02-28 12:37 - 00001102 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-04-20 20:14 - 2013-11-10 09:05 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-04-20 20:14 - 2013-11-10 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-04-20 17:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-20 17:47 - 2014-04-20 17:47 - 27264776 _____ (IObit ) C:\Users\Bill\Downloads\iobit-malware-fighter-setup (1).exe
2014-04-20 17:41 - 2014-04-20 17:41 - 27264776 _____ (IObit ) C:\Users\Bill\Downloads\iobit-malware-fighter-setup.exe
2014-04-20 15:22 - 2010-12-17 14:04 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\IObit
2014-04-20 15:22 - 2010-12-17 14:04 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-04-20 15:21 - 2014-04-20 15:21 - 07524576 _____ (IObit ) C:\Users\Bill\Downloads\defragsetup-pro.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-20 13:48 - 2014-04-20 13:48 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-20 13:48 - 2014-04-20 13:48 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-20 13:48 - 2014-04-20 13:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

Some content of TEMP:
====================
C:\Users\Bill\AppData\Local\Temp\Checkupdate.exe
C:\Users\Bill\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Bill\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Bill\AppData\Local\Temp\gtapi_signed.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 20:41

==================== End Of Log ============================
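The one-month file list above is the kind of output a helper reads by eye, looking for entries that do not belong: a dot-prefixed file in system32, a driver whose file name is a bare GUID, binaries sitting in a user's Temp folder. As an added example (this is not FRST code and not part of the thread), the Python below parses lines in that FRST entry format and applies a few constructed triage heuristics to them. The sample input is copied from the log above plus one path from the "Some content of TEMP" section; the rule names and the `triage()` function are this example's own, and a hit means "verify this file", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One "One Month Created/Modified" entry in an FRST log:
# <created> - <modified> - <size> <attrs> (<company>) <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Bare path lines, as in the "Some content of TEMP:" section.
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")

# Constructed sample: lines taken from the log above plus one Temp path.
SAMPLE_LOG = r"""
2014-05-02 07:19 - 2014-05-01 16:55 - 00016616 _____ () C:\Windows\system32\.crusader
2014-05-01 13:56 - 2010-07-20 04:49 - 00000000 ____D () C:\Program Files\Google
2014-04-24 12:22 - 2014-04-30 21:04 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e844e171-0702-480a-abc8-39f79c8c6126}w64.sys
2014-04-21 09:53 - 2014-04-21 09:53 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-04-20 20:25 - 2014-04-20 20:25 - 00245496 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-04-20 13:48 - 2014-04-20 13:48 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
C:\Users\Bill\AppData\Local\Temp\gcapi_dll.dll
"""


@dataclass
class Entry:
    path: str
    created: Optional[str] = None   # None for bare-path lines
    modified: Optional[str] = None
    size: Optional[int] = None
    attrs: str = ""                 # FRST attribute flags, e.g. "____D", "__SHD"
    company: str = ""               # version-info company name, "" if absent

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST entry or bare path; return None for anything else."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(path=m["path"], created=m["created"], modified=m["modified"],
                     size=int(m["size"]), attrs=m["attrs"],
                     company=m["company"].strip())
    if BARE_PATH_RE.match(line):
        return Entry(path=line)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs that deserve a human look.
    Heuristics are constructed for this example; they prompt review, not verdicts."""
    hits: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        is_bin = low.endswith(BINARY_EXT)
        if "\\drivers\\" in low and GUID_RE.search(e.name):
            hits.append((e.path, "GUID-named driver"))
        elif "\\appdata\\local\\temp\\" in low and is_bin:
            hits.append((e.path, "executable dropped in user Temp"))
        elif "\\system32\\" in low and e.name.startswith("."):
            hits.append((e.path, "dot-prefixed file in system32"))
        elif is_bin and e.company.lower().startswith("todo"):
            hits.append((e.path, "placeholder company string"))
        elif low.endswith(".sys") and "\\drivers\\" in low and not e.company:
            hits.append((e.path, "driver without a company name"))
    return hits


if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason:35s} {path}")
```

Feeding the whole FRST.txt through `parse_log()` and `triage()` gives a short review list instead of hundreds of lines; entries for Microsoft or known vendor binaries with normal names pass through untouched, which is the point of the heuristics, not proof that they are clean.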



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 12 May 2014 - 07:09 AM

Hello mosscomes


In my instructions I had also asked for the shortcut scan, and I will need that report.

To attach a file you need to click on More Reply Options, click on Browse and choose the file you want to attach, then click on Attach This File.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 mosscomes

mosscomes
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 12 May 2014 - 07:27 AM

Here you go, Gringo.


Sorry, still learning the user interface.

Attached Files



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 12 May 2014 - 11:15 AM

Hello mosscomes



I need you to download this script I have made for you --> Attached File: fixlist.txt (924 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo

#13 mosscomes

mosscomes
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 12 May 2014 - 05:33 PM

Ok, Gringo.

 

We may be really close or done with IE. Its initial loading time from a start/restart is 40 seconds, but the status bar reports "waiting for..." after 10-12 seconds. Subsequent restarts of IE are "instantaneous." Boot time has been consistent (it will get better when I pull off a number of extraneous programs).

 

Which leaves Firefox and its obnoxious "Welcome to Firefox" and prefs.js file permission issue. The system will not accept any changes to prefs.js. Every time Firefox is launched, it creates a "prefs-n" (1, 2, 3, etc. for n) file at 0 K size. I've tried the options that Mozilla support says will correct the problem, and they don't work.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01
Ran by Bill at 2014-05-12 17:31:04 Run:1
Running from C:\Users\Bill\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
SearchScopes: HKLM - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2545512 2014-04-15] (Search Module Ltd.)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-04-15] ()
C:\Users\Bill\AppData\Local\Temp\Checkupdate.exe
C:\Users\Bill\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Bill\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Bill\AppData\Local\Temp\gtapi_signed.dll

*****************

[2748] C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe => Process closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key deleted successfully.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key deleted successfully.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
SMUpd => Service stopped successfully.
SMUpd => Service deleted successfully.
SMUpdd => Service stopped successfully.
SMUpdd => Service deleted successfully.
C:\Users\Bill\AppData\Local\Temp\Checkupdate.exe => Moved successfully.
C:\Users\Bill\AppData\Local\Temp\Foxit Reader Updater.exe => Moved successfully.
C:\Users\Bill\AppData\Local\Temp\gcapi_dll.dll => Moved successfully.
C:\Users\Bill\AppData\Local\Temp\gtapi_signed.dll => Moved successfully.

==== End of Fixlog ====



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:17 AM

Posted 13 May 2014 - 07:19 AM


Hello mosscomes

I want you to reset Firefox back to defaults; this will remove everything from Firefox.

I will let you keep your bookmarks, so to do that you can go here - Export Bookmarks

Now to reset Firefox, do the following.
  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.
Restart the computer and check Firefox for me now.

Gringo

#15 mosscomes

mosscomes
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 14 May 2014 - 01:45 PM

Okay, Gringo.

 

Firefox now good. IE still good. Everything looks good. Flash updated without issue.





