

RogueKiller scan. need help


  • This topic is locked
27 replies to this topic

#1 caveanimal

caveanimal


Posted 12 February 2015 - 04:14 PM

Mod Edit: Moved to Malware Logs Forum ~~ boopme

Hi all. I do scans all the time to try and keep my son's computer clean, and when I did a scan with RogueKiller it came up with some items. I have scanned in safe mode and in normal mode; the file is deleted and gone but keeps coming back. Is this something in Windows that I should ignore, or is it something else? I have done scans with Malwarebytes, SUPERAntiSpyware, Panda scan, TDSSKiller and AdwCleaner, and nothing comes up. I will add the results from the RogueKiller scan.
Thanks, John

Attached Files


Edited by caveanimal, 13 February 2015 - 01:07 PM.




#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 15 February 2015 - 02:33 PM

Please post all logs directly into the thread as a reply. I cannot open any attachments on my system. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 caveanimal

caveanimal
  • Topic Starter


Posted 15 February 2015 - 08:43 PM

Here is the log; hope it is what you want. I took out some of the numbers for the server numbers, didn't know if they have something to do with my connections.

Attached Files



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 16 February 2015 - 04:42 AM

Hey, :)

You said: "I have done scans with Malwarebytes, SUPERAntiSpyware, Panda scan, TDSSKiller and AdwCleaner."
I need these logs.

Don't attach them; post them directly into the thread as a reply.

~Machiavelli



#5 caveanimal

caveanimal
  • Topic Starter


Posted 16 February 2015 - 12:00 PM

Here are the scans I could find. SUPERAntiSpyware would not load, maybe wrong file.

Attached Files



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor

Posted 16 February 2015 - 03:04 PM

What did I say? :D

Don't attach them; post them directly into the thread as a reply.


~Machiavelli



#7 caveanimal

caveanimal
  • Topic Starter


Posted 16 February 2015 - 03:46 PM

Sorry for the screw-up.

 

# AdwCleaner v4.109 - Report created 03/02/2015 at 10:57:32
# Updated 24/01/2015 by Xplode
# Database : 2015-02-02.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Lee - LEE-PC
# Running from : C:\Users\Lee\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

*************************

AdwCleaner[R0].txt - [697 octets] - [17/11/2014 20:20:57]
AdwCleaner[R10].txt - [1661 octets] - [03/02/2015 10:36:18]
AdwCleaner[R1].txt - [815 octets] - [17/11/2014 20:28:41]
AdwCleaner[R2].txt - [882 octets] - [15/12/2014 15:16:44]
AdwCleaner[R3].txt - [941 octets] - [15/12/2014 15:21:11]
AdwCleaner[R4].txt - [1516 octets] - [04/01/2015 11:13:20]
AdwCleaner[R5].txt - [1249 octets] - [04/01/2015 11:20:41]
AdwCleaner[R6].txt - [1394 octets] - [26/01/2015 09:58:07]
AdwCleaner[R7].txt - [1420 octets] - [26/01/2015 12:01:16]
AdwCleaner[R8].txt - [1541 octets] - [28/01/2015 11:01:43]
AdwCleaner[R9].txt - [1600 octets] - [01/02/2015 21:12:59]
AdwCleaner[S0].txt - [757 octets] - [17/11/2014 20:26:23]
AdwCleaner[S1].txt - [1001 octets] - [15/12/2014 15:22:23]
AdwCleaner[S2].txt - [1539 octets] - [04/01/2015 11:15:19]
AdwCleaner[S3].txt - [1311 octets] - [04/01/2015 11:31:14]
AdwCleaner[S4].txt - [1410 octets] - [26/01/2015 10:02:49]
AdwCleaner[S5].txt - [1482 octets] - [26/01/2015 12:03:16]
AdwCleaner[S6].txt - [1582 octets] - [03/02/2015 10:57:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1642 octets] ##########

 

 

rootkit

 

<?xml version="1.0" encoding="UTF-8"?>

<logs>

<record toVersion="2015.2.3.1" name="Rootkit Database" last_modified_tag="9de52af5-5fdb-43df-8186-ff66f3a97d41" fromVersion="2015.1.14.1" systemname="LEE-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-02-11T15:46:46.499480-05:00" LoggingEventType="1" severity="debug"/>

<record toVersion="2015.2.11.7" name="Malware Database" last_modified_tag="121711af-45cc-4370-a2d9-c05ba7bb9bd7" fromVersion="2015.1.30.7" systemname="LEE-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-02-11T15:46:52.287090-05:00" LoggingEventType="1" severity="debug"/>

<record last_modified_tag="5ffa298a-73d2-40cc-8ac0-0e02edc06120" systemname="LEE-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2015-02-11T16:04:31.419750-05:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="0" malwaredetections="0" duration="1054" starttime="2015-02-11T15:46:57-05:00" scantype="threat"/>

</logs>

 


 

 

This is from the Silent Runners log, just in case.

 

"Silent Runners.vbs", revision 69, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Ultimate Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSC = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]
NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation]
ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
IAStorIcon = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
  -> {HKLM…CLSID} = Canon Easy-WebPrint EX BHO
                 \InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]
  -> {HKLM…Wow…CLSID} = Canon Easy-WebPrint EX BHO
                     \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
  -> {HKLM…CLSID} = Canon Easy-WebPrint EX BHO
                 \InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]
  -> {HKLM…Wow…CLSID} = Canon Easy-WebPrint EX BHO
                     \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Java™ Plug-In SSV Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM…Wow…CLSID} = Java™ Plug-In 2 SSV Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{7842554E-6BED-11D2-8CDB-B05550C10000} = Monitor
  -> {HKLM…CLSID} = Monitor Class
                 \InProcServer32\(Default) = C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll [Broadcom Corporation.]

{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM…CLSID} = Microsoft Office Metadata Handler
                 \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
                 \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\shellext.dll [MS]

{E0D79304-84BE-11CE-9641-444553540000} = WinZip
  -> {HKLM…CLSID} = WinZip
                 \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLS64.DLL [WinZip Computing, S.L.]

{E0D79305-84BE-11CE-9641-444553540000} = WinZip
  -> {HKLM…CLSID} = WinZip
                 \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLS64.DLL [WinZip Computing, S.L.]

{E0D79306-84BE-11CE-9641-444553540000} = WinZip
  -> {HKLM…CLSID} = WinZip
                 \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLS64.DLL [WinZip Computing, S.L.]

{E0D79307-84BE-11CE-9641-444553540000} = WinZip
  -> {HKLM…CLSID} = WinZip
                 \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLS64.DLL [WinZip Computing, S.L.]

{189F1E63-33A7-404B-B2F6-8C76A452CC54} = IObitSmartDefrag Extension
  -> {HKLM…CLSID} = SmartDefragExtension Class
                 \InProcServer32\(Default) = C:\Windows\system32\IObitSmartDefragExtension.dll [IObit]

{DE85006F-2E77-41FA-B8B3-FD9637AEE9A9} = Display the target platform of an EXE or DLL
  -> {HKLM…CLSID} = ZipGenius 6
                 \InProcServer32\(Default) = C:\PROGRA~2\ZIPGEN~1\contmenu.dll [Wininizio.it Software]

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
  -> {HKLM…CLSID} = DesktopContext Class
                 \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
  -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension
                 \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM…Wow…CLSID} = Groove GFS Browser Helper
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM…Wow…CLSID} = Groove Folder Synchronization
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Icon Handler
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM…Wow…CLSID} = Groove GFS Stub Execution Hook
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM…Wow…CLSID} = Groove GFS Context Menu Handler
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM…Wow…CLSID} = Groove XML Icon Handler
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM…Wow…CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
  -> {HKLM…Wow…CLSID} = Outlook File Icon Extension
                     \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
  -> {HKLM…Wow…CLSID} = Microsoft Office Outlook
                     \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL [MS]

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM…Wow…CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
                     \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM…Wow…CLSID} = (no title provided)
                     \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM…Wow…CLSID} = Microsoft Office Metadata Handler
                     \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM…Wow…CLSID} = Microsoft Office Thumbnail Handler
                     \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{E0D79306-84BE-11CE-9641-444553540000} = WinZip
  -> {HKLM…Wow…CLSID} = WinZip
                     \InProcServer32\(Default) = C:\Program Files (x86)\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{E0D79307-84BE-11CE-9641-444553540000} = WinZip
  -> {HKLM…Wow…CLSID} = WinZip
                     \InProcServer32\(Default) = C:\Program Files (x86)\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{E0D79304-84BE-11CE-9641-444553540000} = WinZip
  -> {HKLM…Wow…CLSID} = WinZip
                     \InProcServer32\(Default) = C:\Program Files (x86)\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{E0D79305-84BE-11CE-9641-444553540000} = WinZip
  -> {HKLM…Wow…CLSID} = WinZip
                     \InProcServer32\(Default) = C:\Program Files (x86)\WinZip\wzshlstb.dll [WinZip Computing, S.L.]

{FE8D01BF-610A-4261-9C6E-32D65A42C907} = ZipGenius DnD Extract handler
  -> {HKLM…Wow…CLSID} = ZipGenius DnD Extract handler
                     \InProcServer32\(Default) = C:\PROGRA~2\ZIPGEN~1\ZGDRAG~1.DLL [M.Dev Software]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM…Wow…CLSID} = 7-Zip Shell Extension
                     \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> BootExecute = autocheck autochk *|PCloudBroom64.exe \systemroot\system32\BroomData.bit [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM…CLSID} = Microsoft Office InfoPath XML Mime Filter
                 \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…Wow…CLSID} = 7-Zip Shell Extension
                     \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\shellext.dll [MS]

Foxit_ConvertToPDF_Reader\(Default) = {A94757A0-0226-426F-B4F1-4DF381C630D3}
  -> {HKLM…CLSID} = ConvertToPDF Class
                 \InProcServer32\(Default) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [Foxit Corporation]

SmartDefragExtension\(Default) = {189F1E63-33A7-404B-B2F6-8C76A452CC54}
  -> {HKLM…CLSID} = SmartDefragExtension Class
                 \InProcServer32\(Default) = C:\Windows\system32\IObitSmartDefragExtension.dll [IObit]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
  -> {HKLM…CLSID} = SASContextMenu Class
                 \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…Wow…CLSID} = 7-Zip Shell Extension
                     \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
  -> {HKLM…CLSID} = (no title provided)
                 \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\shellext.dll [MS]

{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu
  -> {HKLM…CLSID} = SASContextMenu Class
                 \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Monitor\(Default) = {7842554E-6BED-11D2-8CDB-B05550C10000}
  -> {HKLM…CLSID} = Monitor Class
                 \InProcServer32\(Default) = C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll [Broadcom Corporation.]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM…Wow…CLSID} = 7-Zip Shell Extension
                     \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

ZipGenius\(Default) = {FE8D01BF-610A-4261-9C6E-32D65A42C907}
  -> {HKLM…Wow…CLSID} = ZipGenius DnD Extract handler
                     \InProcServer32\(Default) = C:\PROGRA~2\ZIPGEN~1\ZGDRAG~1.DLL [M.Dev Software]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  -> {HKLM…CLSID} = NVIDIA CPL Context Menu Extension
                 \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

SmartDefragExtension\(Default) = {189F1E63-33A7-404B-B2F6-8C76A452CC54}
  -> {HKLM…CLSID} = SmartDefragExtension Class
                 \InProcServer32\(Default) = C:\Windows\system32\IObitSmartDefragExtension.dll [IObit]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

ZipGenius\(Default) = {FE8D01BF-610A-4261-9C6E-32D65A42C907}
  -> {HKLM…Wow…CLSID} = ZipGenius DnD Extract handler
                     \InProcServer32\(Default) = C:\PROGRA~2\ZIPGEN~1\ZGDRAG~1.DLL [M.Dev Software]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Lee\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\system32\scrnsave.scr [MS]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

WIA_{5B3EB0F1-2A42-48C1-B01C-8B3D54646B60}\
Provider = WinZip
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\PROGRA~2\WINZIP\WINZIP32.EXE /wia;
  -> {HKLM…CLSID} = WPDShextAutoplay
                 \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "Lee" & "All Users" startup folders:
-----------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
Bluetooth -> shortcut to: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [Broadcom Corporation.]

Windows Sidebar Gadgets: {++}
------------------------

C:\Users\Lee\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CWinZip.Gadget"

Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
CCleanerSkipUAC ->  launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
{8F683B4A-BA5F-481D-B1BE-4AB86637FD8B} ->  launches: "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/6.20.0.104/en/eula?source=lightinstaller [MS]
{BE31309D-89E3-4EB7-9D93-34C4B929AA02} ->  launches: "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&page=tsMain [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                     \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
Microsoft Compatibility Appraiser ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM…CLSID} = Certificate Services Client Task Handler
                 \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
                     \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM…CLSID} = KernelCeipCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM…CLSID} = UsbCeip
                 \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM…Wow…CLSID} = UsbCeip
                     \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM…CLSID} = HotStart User Agent
                 \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder ->  launches: C:\Windows\System32\mcbuilder.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM…CLSID} = Microsoft PlaySoundService Class
                 \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
                     \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
                 \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
                     \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM…CLSID} = RasMobilityManager
                 \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM…CLSID} = RegistryIdleBackupHandler
                 \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM…CLSID} = GadgetsManager Class
                 \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM…CLSID} = RunTask
                 \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM…Wow…CLSID} = RunTask
                     \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM…CLSID} = MsCtfMonitor task handler
                 \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
                     \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
                 \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
                     \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM…CLSID} = Wininet Cache task object
                 \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  -> {HKLM…Wow…CLSID} = Wininet Cache task object
                     \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-1090483360-2640142128-1329960136-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
  -> {HKLM…CLSID} = Canon Easy-WebPrint EX
                 \InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
  -> {HKLM…Wow…CLSID} = Canon Easy-WebPrint EX
                     \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{21347690-EC41-4F9A-8887-1F4AEE672439}\(Default) = (no title provided)
  -> {HKLM…CLSID} = Canon Easy-WebPrint EX
                 \InProcServer32\(Default) = C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM…Wow…CLSID} = Send to OneNote from Internet Explorer button
                     \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
  -> {HKLM…Wow…CLSID} = &Research
                     \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Foxit Cloud Safe Update Service, FoxitCloudUpdateService, C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [Foxit Software Inc.]
Intel® Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]
Microsoft Network Inspection, NisSrv, "c:\Program Files\Microsoft Security Client\NisSrv.exe" [MS]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA GeForce Experience Service, GfExperienceService, "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe" [NVIDIA Corporation]
NVIDIA Network Service, NvNetworkService, "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [NVIDIA Corporation]
NVIDIA Streamer Service, NvStreamSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" [NVIDIA Corporation]
Realtek9xp, Realtek9xp, C:\Program Files (x86)\REALTEK Wireless LAN Software\RtlService.exe [Realtek]
RosettaStoneDaemon, RosettaStoneDaemon, "C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe" [Rosetta Stone Ltd.]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> !SASCORE,
<<!>> MsMpSvc, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> !SASCORE,
<<!>> MsMpSvc, Service

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ FAX Language Monitor MX470 series\Driver = CNCALC2.DLL [CANON INC.]
Canon BJ Language Monitor MX470 series\Driver = CNMLMC2.DLL [CANON INC.]
Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.]

---------- (launch time: 2015-02-16 12:06:11)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 204 seconds.
---------- (total run time: 273 seconds)

I do not really know where to get the other logs. The only SUPERAntiSpyware one I could find was an .SDB file.



#8 Machiavelli

Posted 17 February 2015 - 04:40 AM

Wrong MBAM log, but don't worry. :)
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
  • Then select the one log where it has found anything and double-click on it
  • Then click on the Export button and select Text File (.txt) in the menu
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 caveanimal

Posted 17 February 2015 - 05:59 PM

Here is the only log that had something in it. All the other ones were updates and 0 infections, but there were some in the quarantine folder. Thanks.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 12/20/2014 7:51:20 PM, SYSTEM, LEE-PC, Manual, Failed, Unable to access update server,
Update, 12/20/2014 7:51:23 PM, SYSTEM, LEE-PC, Manual, Failed, Unable to access update server,
Scan, 12/20/2014 7:58:33 PM, SYSTEM, LEE-PC, Manual, Start:12/20/2014 7:51:23 PM, Duration:6 min 50 sec, Threat Scan, Completed, 2 Malware Detections, 4 Non-Malware Detections,
Error, 12/20/2014 8:11:32 PM, SYSTEM, LEE-PC, Manual, 0,
Error, 12/20/2014 8:11:32 PM, SYSTEM, LEE-PC, Manual, 0,
Update, 12/20/2014 8:11:44 PM, SYSTEM, LEE-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 12/20/2014 8:11:44 PM, SYSTEM, LEE-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.12.14.1,
Update, 12/20/2014 8:11:54 PM, SYSTEM, LEE-PC, Manual, Malware Database, 2014.9.19.5, 2014.12.20.7,
Update, 12/20/2014 8:12:05 PM, SYSTEM, LEE-PC, Manual, program, 2.0.3.1025, 2.0.4.1028,
Update, 12/20/2014 8:13:19 PM, SYSTEM, LEE-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 12/20/2014 8:13:20 PM, SYSTEM, LEE-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.14.1,
Update, 12/20/2014 8:13:29 PM, SYSTEM, LEE-PC, Manual, Malware Database, 2014.11.20.6, 2014.12.20.7,
Scan, 12/20/2014 8:27:43 PM, SYSTEM, LEE-PC, Manual, Start:12/20/2014 8:13:35 PM, Duration:14 min 8 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)



#10 Machiavelli

Posted 18 February 2015 - 07:08 AM

I need the log with 0 threats. :)

~Machiavelli



#11 caveanimal

Posted 18 February 2015 - 12:21 PM

This is the latest one.

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 2/16/2015 9:14:58 AM, SYSTEM, LEE-PC, Manual, Malware Database, 2015.2.11.7, 2015.2.16.4,
Scan, 2/16/2015 9:32:39 AM, SYSTEM, LEE-PC, Manual, Start:2/16/2015 9:15:01 AM, Duration:17 min 38 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)



#12 Machiavelli

Posted 19 February 2015 - 04:33 AM

Wrong log. :P

~Machiavelli



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,420 posts
  • Gender:Male
  • Location:California

Posted 21 February 2015 - 09:25 AM

Greetings caveanimal,

Machiavelli will be unavailable to reply for a bit of time and since we don't want to delay addressing your concerns I will be coming in alongside to continue to address your issues.

Could you please provide me with an update regarding your computer performance and issues?

Edited by Oh My!, 05 March 2015 - 10:22 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Oh My!

Posted 23 February 2015 - 09:14 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary


#15 Oh My!

Posted 25 February 2015 - 10:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Gary