Backdoor access to my computer


  • This topic is locked
18 replies to this topic

#1 spohnj

spohnj

  • Members
  • 26 posts
  • Gender:Male
  • Location:Simi Valley, CA.
  • Local time:04:30 PM

Posted 20 November 2016 - 08:59 PM

It started a while back and I wasn't sure what was happening. When I use my AOL desktop version I see a sudden flash of a small black screen which is about 4" x 6". It immediately goes away. This happens very frequently. Last night I could hear voices and other noises coming through my speakers. I had no browsers going or any videos playing. I have also noticed that my RAM & CPU have gone much higher since this has happened.

 

I have run many types of scans (virus, Malwarebytes, etc.) and nothing shows up. I ran the Farbar Recovery Scan Tool. I have attached both of the files. Please let me know what else you would like me to do.

 

Thanks so much for your help.

 

Regards,

 

John

 

Attached Files




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 PM

Posted 22 November 2016 - 10:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this old version of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog9 01 C:\Windows\system32\EasyRedirect.dll No File
Winsock: Catalog9 02 C:\Windows\system32\EasyRedirect.dll No File
Winsock: Catalog9 03 C:\Windows\system32\EasyRedirect.dll No File
Winsock: Catalog9 04 C:\Windows\system32\EasyRedirect.dll No File
Winsock: Catalog9 15 C:\Windows\system32\EasyRedirect.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST1500DL003-9VT16L_5YD6A30V&ts=1438677260&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST1500DL003-9VT16L_5YD6A30V&ts=1438677260&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={308110DF-B224-409F-8A13-18B684CE5E7A}&mid=78e7dd786c9b47cc88f80196dc3a66d5-c8864303404982eb636eb74463f4d8bbdeca7e16&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516pi&pr=fr&d=2016-06-24 21:05:31&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
Toolbar: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\user.js [2015-11-27]
FF Extension: (shoppi) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\Extensions\pbetndvof_yrsrjkyqi@qceqqbwfyfekwu_rflh.net [2015-08-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKU\S-1-5-21-2591857491-924154602-4103234800-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2016-11-02]
CHR Extension: (Avast SafePrice) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-11-12]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-27]
CHR Extension: (Coupons at Checkout) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-09-12]
CHR Extension: (SearchLock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-15]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 SMUpdd; no ImagePath
Task: {00547D09-1B7A-46F8-9298-9EA5D32655BE} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {0892834F-50D7-4BAF-8CC8-07A9DB50FCDB} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {1C52E57D-264F-41B1-8F22-39B373761E3D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4B795D8F-E50D-4B9E-B13D-AA4D27E70410} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {630AEE92-A901-4739-84AB-7AEBA957C0FF} - \SMWUpd -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FF501896-7B2E-4343-B0C2-73C375C3ADF7} - \IE_ERR4WDR -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\Drivers\vluqzprd.sys:changelist [1342]
AlternateDataStreams: C:\Users\HP_Administrator\Documents\Dolly.jpg:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\HP_Administrator\Documents\Hawaii.jpg:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\John\Documents\Dolly.jpg:Roxio EMC Stream [38]
MSCONFIG\startupreg: vProt =>
cmd: netsh winsock reset catalog

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Please let me know what problem persists with this computer.
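The fixlist above is built from lines in the format the Farbar Recovery Scan Tool (FRST) writes, and each kind of line is there for a reason: dangling references, browser policy locks, a search provider the user did not pick, an unsigned extension, and Winsock catalog entries that point at a DLL which no longer exists (which is why the fix ends with `netsh winsock reset catalog`). As an added example, not part of nasdaq's post and not FRST's own code, here is a small Python triage script that reads such lines and states why each one is worth removing. The category names and rules are this example's own; the sample lines are a subset copied from the fixlist above, with the mystartsearch URL shortened.

```python
"""Triage helper for FRST-style log lines.

Added example: not part of the BleepingComputer thread and not FRST's own code.
It reads lines in the format Farbar Recovery Scan Tool writes and states, per
line, why that kind of entry is an indicator worth removing. The category
names and the rules below are this example's own, not FRST's.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample input: a subset of the lines from the fixlist above, one per
# indicator type (the mystartsearch URL is shortened; the rest are verbatim).
SAMPLE_LINES = [
    r"Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]",
    r"CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION",
    r"Winsock: Catalog9 01 C:\Windows\system32\EasyRedirect.dll No File",
    r"SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> DefaultScope "
    r"{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?q={searchTerms}",
    r"BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> No File",
    r"FF Extension: (shoppi) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default"
    r"\Extensions\pbetndvof_yrsrjkyqi@qceqqbwfyfekwu_rflh.net [2015-08-21] [not signed]",
    r"Task: {00547D09-1B7A-46F8-9298-9EA5D32655BE} - \HDNINSTSCHD -> No File <==== ATTENTION",
    r"AlternateDataStreams: C:\Windows\system32\Drivers\vluqzprd.sys:changelist [1342]",
    r"CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data"
    r"\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-27]",
    r"cmd: netsh winsock reset catalog",
]

# hive, optional "DefaultScope " marker, GUID, then the provider URL (may be empty)
SEARCH_SCOPE = re.compile(r"SearchScopes: (\S+) -> (DefaultScope )?\{[0-9A-Fa-f-]+\} URL =\s*(\S*)")


def classify(line):
    """Return (category, explanation) for one FRST line, or None when nothing is flagged."""
    line = line.strip()
    if not line or line in ("Start", "End") or (line.endswith(":") and " " not in line):
        return None  # fixlist framing and directives such as CloseProcesses:
    if line.startswith("cmd:"):
        return "command", "fix runs a shell command: " + line[4:].strip()
    if line.startswith("Winsock:") and "No File" in line:
        return ("winsock-lsp-orphan",
                "Layered Service Provider entry points at a missing DLL; every socket "
                "call walks this catalog, which is why the fix ends with a winsock reset")
    if "Restriction <=" in line:
        key = line.split(": Restriction")[0]
        return "browser-policy", "policy key " + key + " can pin browser settings against the user's choice"
    m = SEARCH_SCOPE.match(line)
    if m:
        hive, default, url = m.groups()
        if not url:
            return "search-scope-empty", "search scope in " + hive + " has an empty URL (dead entry)"
        # FRST defangs URLs as hxxp; restore the scheme only so urlsplit can read the host
        host = urlsplit(url.replace("hxxp", "http", 1)).hostname
        role = "default search provider" if default else "search provider"
        return "search-scope", role + " in " + hive + " sends queries to " + host
    if "[not signed]" in line:
        name = re.search(r"\((.*?)\)", line)
        return "unsigned-extension", "browser extension " + (name.group(1) if name else "?") + " is not signed"
    if line.startswith("AlternateDataStreams:"):
        body = line[len("AlternateDataStreams:"):].strip()
        target, _, size = body.rpartition(" [")       # "...sys:changelist", "1342]"
        path, _, stream = target.rpartition(":")       # split file path from stream name
        return "ads", path + " carries a hidden stream '" + stream + "' of " + size.rstrip("]") + " bytes"
    if "No File" in line or "=> not found" in line or "[X]" in line:
        return "orphan", line.split(":", 1)[0] + " entry references a file that no longer exists"
    return None


def triage(lines):
    """Classify every line; returns (category, explanation) pairs for flagged lines only."""
    findings = []
    for line in lines:
        hit = classify(line)
        if hit:
            findings.append(hit)
    return findings


def summarize(lines):
    """Count flagged lines per category, so a long log reads as a few numbers."""
    return Counter(cat for cat, _ in triage(lines))


if __name__ == "__main__":
    for cat, why in triage(SAMPLE_LINES):
        print(f"{cat:<20} {why}")
    print(dict(summarize(SAMPLE_LINES)))
```

Run it on a saved FRST.txt by passing the file's lines to `triage`; the unflagged Chrome extension line shows that a plain, signed extension with a present file produces no finding, while the search-scope rule deliberately reports the host rather than judging it, so the reader decides whether that provider was ever chosen on purpose.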

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 PM

Posted 28 November 2016 - 10:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,410 posts
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:10:30 AM

Posted 29 November 2016 - 03:06 PM

Topic reopened at OP's request.



#5 spohnj

spohnj
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male
  • Location:Simi Valley, CA.
  • Local time:04:30 PM

Posted 29 November 2016 - 10:17 PM

Thanks for all your help so far.  I have a couple of questions moving forward. You stated "Save the file as fixlist.txt in the same folder where the Farbar tool is running from."

 

I didn't quite understand the second part: "The location is listed in the 3rd line of the Farbar log you have submitted." Am I to do something with the location? If you could explain with a bit more detail it would be greatly appreciated.

 

Lastly when I reset Google Chrome will I lose my bookmarks?

 

Thanks,

John



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 PM

Posted 30 November 2016 - 09:52 AM

The FRST log shows that the tool is on your Desktop.

Running from C:\Users\John\Desktop

Place the Fixlist.txt on it also.

#7 spohnj

spohnj
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male
  • Location:Simi Valley, CA.
  • Local time:04:30 PM

Posted 01 December 2016 - 08:03 PM

Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog9 01 C:\Windows\system32\EasyRedirect.dll No File
Winsock: Catalog9 02 C:\Windows\system32\EasyRedirect.dll No File
Winsock: Catalog9 03 C:\Windows\system32\EasyRedirect.dll No File
Winsock: Catalog9 04 C:\Windows\system32\EasyRedirect.dll No File
Winsock: Catalog9 15 C:\Windows\system32\EasyRedirect.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST1500DL003-9VT16L_5YD6A30V&ts=1438677260&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST1500DL003-9VT16L_5YD6A30V&ts=1438677260&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={308110DF-B224-409F-8A13-18B684CE5E7A}&mid=78e7dd786c9b47cc88f80196dc3a66d5-c8864303404982eb636eb74463f4d8bbdeca7e16&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516pi&pr=fr&d=2016-06-24 21:05:31&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
Toolbar: HKU\S-1-5-21-2591857491-924154602-4103234800-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\user.js [2015-11-27]
FF Extension: (shoppi) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\Extensions\pbetndvof_yrsrjkyqi@qceqqbwfyfekwu_rflh.net [2015-08-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKU\S-1-5-21-2591857491-924154602-4103234800-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2016-11-02]
CHR Extension: (Avast SafePrice) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-11-12]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-27]
CHR Extension: (Coupons at Checkout) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-09-12]
CHR Extension: (SearchLock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-15]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 SMUpdd; no ImagePath
Task: {00547D09-1B7A-46F8-9298-9EA5D32655BE} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {0892834F-50D7-4BAF-8CC8-07A9DB50FCDB} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {1C52E57D-264F-41B1-8F22-39B373761E3D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4B795D8F-E50D-4B9E-B13D-AA4D27E70410} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {630AEE92-A901-4739-84AB-7AEBA957C0FF} - \SMWUpd -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FF501896-7B2E-4343-B0C2-73C375C3ADF7} - \IE_ERR4WDR -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\Drivers\vluqzprd.sys:changelist [1342]
AlternateDataStreams: C:\Users\HP_Administrator\Documents\Dolly.jpg:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\HP_Administrator\Documents\Hawaii.jpg:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\John\Documents\Dolly.jpg:Roxio EMC Stream [38]
MSCONFIG\startupreg: vProt =>
cmd: netsh winsock reset catalog
 
End


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 PM

Posted 02 December 2016 - 09:59 AM

How is the computer now?

#9 spohnj

spohnj
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male
  • Location:Simi Valley, CA.
  • Local time:04:30 PM

Posted 03 December 2016 - 02:47 AM

So far it looks to be OK.  Please leave this open for a couple more days so I can make sure.  Thanks so much for your help up to this point!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 PM

Posted 03 December 2016 - 09:27 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best Security Practices - Keep Safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

The topic will be closed in 5 days.

#11 spohnj

spohnj
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male
  • Location:Simi Valley, CA.
  • Local time:04:30 PM

Posted 03 December 2016 - 09:43 PM

I only see the flash of a black box when I'm on the AOL Desktop version. It happens from time to time when I'm checking my mail. If I were to delete AOL completely and reinstall AOL, would this cure what is wrong?



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 PM

Posted 04 December 2016 - 09:37 AM

I would check if a new video driver is available.

http://www.idganswers.com/question/23810/how-do-i-get-rid-of-a-black-box-that-keeps-flashing-every-few-seconds-on-my-newly-installed-windows-

===

You can also use this tool to find out which drivers need to be updated on your computer.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.


http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

Let me know if you need additional help.

#13 spohnj

spohnj
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male
  • Location:Simi Valley, CA.
  • Local time:04:30 PM

Posted 05 December 2016 - 02:21 AM

Thanks, as I was able to update my video driver. I also downloaded Secunia Personal Software Inspector (PSI), which found 3 programs which I updated. I ran ComboFix and here are the results. I'm not sure how to read this to see if I had a problem... Thanks!

 

ComboFix 16-12-02.01 - John 12/04/2016  12:02:15.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7667.3284 [GMT -8:00]
Running from: c:\users\John\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: IObit Malware Fighter *Disabled/Outdated* {4D381C57-3C7A-6F22-07EB-639F49E836D4}
FW: Avast Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Z@!-496902e0-9a8a-4fae-98fe-4536ac652855.tmp
c:\users\John\AppData\Local\assembly\tmp
c:\users\John\AppData\Local\Temp\_MEI47202\_ctypes.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\_elementtree.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\_hashlib.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\_multiprocessing.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\_psutil_windows.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\_socket.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\_ssl.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\_yappi.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\common.time34.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\hashobjs_ext.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\pyexpat.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\pysqlite2._sqlite.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\python27.dll
c:\users\John\AppData\Local\Temp\_MEI47202\pythoncom27.dll
c:\users\John\AppData\Local\Temp\_MEI47202\PyWinTypes27.dll
c:\users\John\AppData\Local\Temp\_MEI47202\select.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\thumbnails_ext.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\unicodedata.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\usb_ext.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32api.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32com.shell.shell.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32crypt.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32event.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32file.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32gui.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32inet.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32pdh.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32pipe.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32process.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32profile.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32security.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\win32ts.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\windows._lib_cacheinvalidation.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\wx._animate.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\wx._controls_.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\wx._core_.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\wx._gdi_.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\wx._html2.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\wx._misc_.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\wx._windows_.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\wx._wizard.pyd
c:\users\John\AppData\Local\Temp\_MEI47202\wxbase30u_net_vc90.dll
c:\users\John\AppData\Local\Temp\_MEI47202\wxbase30u_vc90.dll
c:\users\John\AppData\Local\Temp\_MEI47202\wxmsw30u_adv_vc90.dll
c:\users\John\AppData\Local\Temp\_MEI47202\wxmsw30u_core_vc90.dll
c:\users\John\AppData\Local\Temp\_MEI47202\wxmsw30u_html_vc90.dll
c:\users\John\AppData\Local\Temp\_MEI47202\wxmsw30u_webview_vc90.dll
c:\users\John\AppData\Local\Z@!-0c63a027-4d7c-4bc3-b20f-8f57dd7a5a53.tmp
c:\users\John\AppData\Local\Z@!-b0c99d74-f27c-45c8-8328-2db43fe5b408.tmp
c:\users\John\AppData\Local\Z@H!-1542813757113202105748-32.tmp
c:\users\John\AppData\Local\Z@H!-1542813757113202105748-64.tmp
c:\users\John\AppData\Local\Z@S!-192cb79a-7766-4ac9-9a37-3a5a16cb1872.tmp
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2016-11-04 to 2016-12-04  )))))))))))))))))))))))))))))))
.
.
2016-12-04 21:48 . 2016-12-04 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-04 20:56 . 2016-12-04 20:56 -------- d-----w- c:\program files\iPod
2016-12-04 20:56 . 2016-12-04 20:57 -------- d-----w- c:\program files\iTunes
2016-12-04 19:47 . 2016-12-04 19:47 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2016-12-04 19:47 . 2016-12-04 19:47 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2016-12-04 19:34 . 2016-12-04 19:34 -------- d-----w- c:\program files (x86)\Secunia
2016-12-03 07:06 . 2016-12-03 07:07 -------- d-----r- c:\users\John\Dropbox
2016-12-03 07:04 . 2016-12-03 07:04 -------- d-----w- c:\users\John\AppData\Roaming\Dropbox
2016-12-03 07:03 . 2016-12-03 07:05 -------- d-----w- c:\program files (x86)\Dropbox
2016-12-03 07:03 . 2016-12-03 07:06 -------- d-----w- c:\users\John\AppData\Local\Dropbox
2016-12-03 07:03 . 2016-12-03 07:03 -------- d-----w- c:\programdata\Dropbox
2016-11-28 14:05 . 2016-11-28 14:05 75888 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2016-11-28 14:05 . 2016-11-28 14:05 75888 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2016-11-28 14:05 . 2016-11-28 14:05 75888 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2016-11-28 14:05 . 2016-11-28 14:05 42096 ----a-w- c:\windows\system32\DbxSvc.exe
2016-11-21 01:37 . 2016-12-01 08:16 -------- d-----w- C:\FRST
2016-11-21 00:36 . 2016-11-21 00:36 -------- d-----w- c:\program files (x86)\Belarc
2016-11-18 05:44 . 2016-11-18 05:44 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-11-16 17:48 . 2016-11-16 17:28 82936 ----a-w- c:\windows\system32\drivers\aswHdsKe.sys
2016-11-16 17:30 . 2016-08-20 06:25 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-11-16 08:46 . 2016-11-16 08:46 -------- d-----w- c:\program files (x86)\NirSoft
2016-11-14 18:33 . 2016-10-13 10:43 293352 ----a-w- c:\windows\system32\drivers\aswFC02.tmp
2016-11-14 18:33 . 2016-08-20 06:25 163416 ----a-w- c:\windows\system32\drivers\aswFC41.tmp
2016-11-14 18:33 . 2016-09-22 17:33 513632 ----a-w- c:\windows\system32\drivers\aswFB94.tmp
2016-11-14 18:33 . 2016-09-13 18:25 969184 ----a-w- c:\windows\system32\drivers\aswFAB4.tmp
2016-11-14 18:33 . 2016-08-20 06:25 74544 ----a-w- c:\windows\system32\drivers\aswFB64.tmp
2016-11-14 18:33 . 2016-08-20 06:25 37656 ----a-w- c:\windows\system32\drivers\aswFB23.tmp
2016-11-14 18:33 . 2016-08-20 06:25 108816 ----a-w- c:\windows\system32\drivers\aswFB44.tmp
2016-11-14 18:33 . 2016-08-20 06:25 103064 ----a-w- c:\windows\system32\drivers\aswFAD4.tmp
2016-11-14 18:33 . 2016-08-20 06:24 37144 ----a-w- c:\windows\system32\drivers\aswFA65.tmp
2016-11-14 18:33 . 2016-08-20 06:24 453192 ----a-w- c:\windows\system32\drivers\aswFA07.tmp
2016-11-14 11:30 . 2016-10-13 10:43 293352 ----a-w- c:\windows\system32\drivers\asw5D5B.tmp
2016-11-14 11:30 . 2016-08-20 06:25 163416 ----a-w- c:\windows\system32\drivers\asw5E08.tmp
2016-11-14 11:30 . 2016-09-22 17:33 513632 ----a-w- c:\windows\system32\drivers\asw5CBE.tmp
2016-11-14 11:30 . 2016-09-13 18:25 969184 ----a-w- c:\windows\system32\drivers\asw5B23.tmp
2016-11-14 11:30 . 2016-08-20 06:25 74544 ----a-w- c:\windows\system32\drivers\asw5C21.tmp
2016-11-14 11:30 . 2016-08-20 06:25 37656 ----a-w- c:\windows\system32\drivers\asw5BB2.tmp
2016-11-14 11:30 . 2016-08-20 06:25 108816 ----a-w- c:\windows\system32\drivers\asw5BD2.tmp
2016-11-14 11:30 . 2016-08-20 06:25 103064 ----a-w- c:\windows\system32\drivers\asw5B44.tmp
2016-11-14 11:30 . 2016-08-20 06:24 37144 ----a-w- c:\windows\system32\drivers\asw5AB5.tmp
2016-11-14 11:30 . 2016-08-20 06:24 453192 ----a-w- c:\windows\system32\drivers\asw5A09.tmp
2016-11-13 12:19 . 2016-10-13 10:43 293352 ----a-w- c:\windows\system32\drivers\asw3622.tmp
2016-11-13 12:19 . 2016-09-22 17:33 513632 ----a-w- c:\windows\system32\drivers\asw35F2.tmp
2016-11-13 12:19 . 2016-09-13 18:25 969184 ----a-w- c:\windows\system32\drivers\asw3523.tmp
2016-11-13 12:19 . 2016-08-20 06:25 163416 ----a-w- c:\windows\system32\drivers\asw3642.tmp
2016-11-13 12:19 . 2016-08-20 06:25 74544 ----a-w- c:\windows\system32\drivers\asw35C3.tmp
2016-11-13 12:19 . 2016-08-20 06:25 37656 ----a-w- c:\windows\system32\drivers\asw3582.tmp
2016-11-13 12:19 . 2016-08-20 06:25 108816 ----a-w- c:\windows\system32\drivers\asw35A2.tmp
2016-11-13 12:19 . 2016-08-20 06:25 103064 ----a-w- c:\windows\system32\drivers\asw3562.tmp
2016-11-13 12:19 . 2016-08-20 06:24 37144 ----a-w- c:\windows\system32\drivers\asw3502.tmp
2016-11-13 12:19 . 2016-08-20 06:24 453192 ----a-w- c:\windows\system32\drivers\asw34D3.tmp
2016-11-11 20:10 . 2016-10-13 10:43 293352 ----a-w- c:\windows\system32\drivers\aswE56D.tmp
2016-11-11 20:10 . 2016-09-22 17:33 513632 ----a-w- c:\windows\system32\drivers\aswE54D.tmp
2016-11-11 20:10 . 2016-09-13 18:25 969184 ----a-w- c:\windows\system32\drivers\aswE41F.tmp
2016-11-11 20:10 . 2016-08-20 06:25 163416 ----a-w- c:\windows\system32\drivers\aswE58D.tmp
2016-11-11 20:10 . 2016-08-20 06:25 74544 ----a-w- c:\windows\system32\drivers\aswE52D.tmp
2016-11-11 20:10 . 2016-08-20 06:25 37656 ----a-w- c:\windows\system32\drivers\aswE48F.tmp
2016-11-11 20:10 . 2016-08-20 06:25 108816 ----a-w- c:\windows\system32\drivers\aswE4AF.tmp
2016-11-11 20:10 . 2016-08-20 06:25 103064 ----a-w- c:\windows\system32\drivers\aswE44F.tmp
2016-11-11 20:10 . 2016-08-20 06:24 37144 ----a-w- c:\windows\system32\drivers\aswE3FF.tmp
2016-11-11 20:10 . 2016-08-20 06:24 453192 ----a-w- c:\windows\system32\drivers\aswE3CF.tmp
2016-11-05 03:37 . 2016-11-05 03:37 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-20 08:26 . 2015-06-29 05:34 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-20 08:25 . 2015-06-29 05:33 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-11-18 05:44 . 2016-11-18 05:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-11-17 04:06 . 2015-06-29 03:19 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-17 04:06 . 2011-12-26 19:52 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-10 11:05 . 2015-06-29 06:02 141011376 -c--a-w- c:\windows\system32\MRT.exe
2016-11-05 03:36 . 2015-06-29 03:24 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-29 07:31 . 2016-10-29 07:31 1035272 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2016-10-29 07:31 . 2016-10-29 07:31 82544 ----a-w- c:\windows\system32\RtNicProp64.dll
2016-10-29 07:31 . 2011-12-26 19:29 116304 ----a-w- c:\windows\system32\RTNUninst64.dll
2016-10-29 07:30 . 2016-10-29 07:30 90264 ----a-w- c:\windows\system32\drivers\AmUStor.sys
2016-10-29 07:30 . 2016-10-29 07:30 20632 ----a-w- c:\windows\system32\SET108A.tmp
2016-10-29 07:30 . 2016-10-29 07:30 124 ----a-w- c:\windows\system32\VendorCmd6485_SetSSC.bin
2016-10-27 00:29 . 2010-11-21 03:27 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-10-23 01:07 . 2016-10-23 01:07 41984 ----a-w- c:\windows\system32\UtcResources.dll
2016-10-23 01:07 . 2016-10-23 01:07 2048 ----a-w- c:\windows\system32\tzres.dll
2016-10-23 01:07 . 2016-10-23 01:07 1386496 ----a-w- c:\windows\system32\diagtrack.dll
2016-10-23 01:07 . 2016-10-23 01:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-10-23 01:07 . 2016-10-23 01:07 756736 ----a-w- c:\windows\system32\win32spl.dll
2016-10-23 01:07 . 2016-10-23 01:07 497152 ----a-w- c:\windows\SysWow64\win32spl.dll
2016-10-19 19:14 . 2016-11-14 09:42 12033040 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B0024D8-6D3A-4498-915B-4694CC8EA085}\mpengine.dll
2016-10-13 10:43 . 2016-07-23 22:35 293352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-10-08 22:55 . 2016-10-08 22:55 3283248 ----a-w- c:\windows\system32\SET5466.tmp
2016-10-08 22:55 . 2016-10-08 22:55 3133152 ----a-w- c:\windows\system32\SET23FD.tmp
2016-10-08 22:55 . 2016-10-08 22:55 23696 ----a-w- c:\windows\system32\SET8CF7.tmp
2016-10-08 22:55 . 2016-10-08 22:55 192984 ----a-w- c:\windows\system32\SET6769.tmp
2016-10-05 02:04 . 2016-01-24 07:46 72632 ----a-w- c:\windows\system32\drivers\networx.sys
2016-09-22 17:33 . 2016-07-23 22:35 513632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-09-22 08:19 . 2016-09-22 08:19 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-09-22 08:19 . 2016-09-22 08:19 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-09-22 08:19 . 2016-09-22 08:19 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-09-22 08:19 . 2016-09-22 08:19 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-09-22 08:19 . 2016-09-22 08:19 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-09-22 08:19 . 2016-09-22 08:19 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-09-22 08:19 . 2016-09-22 08:19 14632960 ----a-w- c:\windows\system32\wmp.dll
2016-09-22 08:19 . 2016-09-22 08:19 12574720 ----a-w- c:\windows\system32\wmploc.DLL
2016-09-22 08:19 . 2016-09-22 08:19 12574208 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-09-22 08:19 . 2016-09-22 08:19 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll
2016-09-22 08:19 . 2016-09-22 08:19 94440 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2016-09-22 08:19 . 2016-09-22 08:19 842240 ----a-w- c:\windows\system32\blackbox.dll
2016-09-22 08:19 . 2016-09-22 08:19 81920 ----a-w- c:\windows\system32\cryptsp.dll
2016-09-22 08:19 . 2016-09-22 08:19 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2016-09-22 08:19 . 2016-09-22 08:19 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2016-09-22 08:19 . 2016-09-22 08:19 641024 ----a-w- c:\windows\system32\msscp.dll
2016-09-22 08:19 . 2016-09-22 08:19 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2016-09-22 08:19 . 2016-09-22 08:19 504320 ----a-w- c:\windows\SysWow64\msscp.dll
2016-09-22 08:19 . 2016-09-22 08:19 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2016-09-22 08:19 . 2016-09-22 08:19 461312 ----a-w- c:\windows\system32\scavengeui.dll
2016-09-22 08:19 . 2016-09-22 08:19 433152 ----a-w- c:\windows\system32\mfplat.dll
2016-09-22 08:19 . 2016-09-22 08:19 406016 ----a-w- c:\windows\SysWow64\drmmgrtn.dll
2016-09-22 08:19 . 2016-09-22 08:19 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2016-09-22 08:19 . 2016-09-22 08:19 347136 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2016-09-22 08:19 . 2016-09-22 08:19 325632 ----a-w- c:\windows\system32\msnetobj.dll
2016-09-22 08:19 . 2016-09-22 08:19 266752 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2016-09-22 08:19 . 2016-09-22 08:19 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll
2016-09-22 08:19 . 2016-09-22 08:19 2023424 ----a-w- c:\windows\system32\WsmSvc.dll
2016-09-22 08:19 . 2016-09-22 08:19 182272 ----a-w- c:\windows\system32\WsmAuto.dll
2016-09-22 08:19 . 2016-09-22 08:19 13824 ----a-w- c:\windows\system32\wsmprovhost.exe
2016-09-22 08:19 . 2016-09-22 08:19 12800 ----a-w- c:\windows\system32\wsmplpxy.dll
2016-09-22 08:19 . 2016-09-22 08:19 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2016-09-22 08:19 . 2016-09-22 08:19 11264 ----a-w- c:\windows\system32\msmmsp.dll
2016-09-22 08:19 . 2016-09-22 08:19 1068544 ----a-w- c:\windows\system32\cryptui.dll
2016-09-22 08:19 . 2016-09-22 08:19 54272 ----a-w- c:\windows\SysWow64\WsmRes.dll
2016-09-22 08:19 . 2016-09-22 08:19 54272 ----a-w- c:\windows\system32\WsmRes.dll
2016-09-22 08:19 . 2016-09-22 08:19 310784 ----a-w- c:\windows\system32\WsmWmiPl.dll
2016-09-22 08:19 . 2016-09-22 08:19 249344 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
2016-09-22 08:19 . 2016-09-22 08:19 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
2016-09-22 08:19 . 2016-09-22 08:19 199168 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
2016-09-22 08:19 . 2016-09-22 08:19 146944 ----a-w- c:\windows\SysWow64\WsmAuto.dll
2016-09-22 08:19 . 2016-09-22 08:19 12288 ----a-w- c:\windows\SysWow64\wsmprovhost.exe
2016-09-22 08:19 . 2016-09-22 08:19 1178112 ----a-w- c:\windows\SysWow64\WsmSvc.dll
2016-09-22 08:19 . 2016-09-22 08:19 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2016-09-22 08:19 . 2016-09-22 08:19 680448 ----a-w- c:\windows\system32\audiosrv.dll
2016-09-22 08:19 . 2016-09-22 08:19 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2016-09-22 08:19 . 2016-09-22 08:19 499712 ----a-w- c:\windows\system32\AUDIOKSE.dll
2016-09-22 08:19 . 2016-09-22 08:19 442368 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2016-09-22 08:19 . 2016-09-22 08:19 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2016-09-22 08:19 . 2016-09-22 08:19 295936 ----a-w- c:\windows\system32\AudioSes.dll
2016-09-22 08:19 . 2016-09-22 08:19 284672 ----a-w- c:\windows\system32\EncDump.dll
2016-09-22 08:19 . 2016-09-22 08:19 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-09-22 08:19 . 2016-09-22 08:19 195072 ----a-w- c:\windows\SysWow64\AudioSes.dll
2016-09-22 08:19 . 2016-09-22 08:19 440320 ----a-w- c:\windows\system32\AudioEng.dll
2016-09-22 08:19 . 2016-09-22 08:19 1573888 ----a-w- c:\windows\system32\quartz.dll
2016-09-22 08:19 . 2016-09-22 08:19 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2016-09-22 08:19 . 2016-09-22 08:19 125952 ----a-w- c:\windows\system32\audiodg.exe
2016-09-22 08:19 . 2016-09-22 08:19 9728 ----a-w- c:\windows\system32\pcalua.exe
2016-09-22 08:19 . 2016-09-22 08:19 8704 ----a-w- c:\windows\system32\pcaevts.dll
2016-09-22 08:19 . 2016-09-22 08:19 80896 ----a-w- c:\windows\SysWow64\cryptsp.dll
2016-09-22 08:19 . 2016-09-22 08:19 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2016-09-22 08:19 . 2016-09-22 08:19 37376 ----a-w- c:\windows\system32\pcadm.dll
2016-09-22 08:19 . 2016-09-22 08:19 371712 ----a-w- c:\windows\system32\qdvd.dll
2016-09-22 08:19 . 2016-09-22 08:19 11264 ----a-w- c:\windows\system32\pcawrk.exe
2016-09-22 08:19 . 2016-09-22 08:19 1005056 ----a-w- c:\windows\SysWow64\cryptui.dll
2016-09-22 08:19 . 2016-09-22 08:19 632320 ----a-w- c:\windows\system32\evr.dll
2016-09-22 08:19 . 2016-09-22 08:19 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2016-09-22 08:19 . 2016-09-22 08:19 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2016-09-22 08:19 . 2016-09-22 08:19 489984 ----a-w- c:\windows\SysWow64\evr.dll
2016-09-22 08:19 . 2016-09-22 08:19 4121600 ----a-w- c:\windows\system32\mf.dll
2016-09-22 08:19 . 2016-09-22 08:19 3209216 ----a-w- c:\windows\SysWow64\mf.dll
2016-09-22 08:19 . 2016-09-22 08:19 24576 ----a-w- c:\windows\system32\mfpmp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2016-08-04 23:49 1044480 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2016-08-04 23:49 1044480 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2016-08-04 23:49 1044480 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 223552 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.3.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WizMouse"="c:\program files (x86)\WizMouse\WizMouse.exe" [2013-09-22 119000]
"CyberGhost"="c:\program files\CyberGhost 6\CyberGhost.exe" [2016-11-28 1193008]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-11-11 23819048]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2016-11-09 110376]
"Advanced SystemCare 10"="c:\program files (x86)\IObit\Advanced SystemCare\ASCTray.exe" [2016-10-31 3076896]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.8.2a\AOL.EXE" [2016-05-24 80816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2016-08-04 1154560]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-23 587288]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2016-11-01 6006560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2016-2-2 605400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 sbupdate;AOL Update Service (sbupdate);c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe;c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys;c:\windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 Everything;Everything;c:\program files (x86)\Everything\Everything.exe;c:\program files (x86)\Everything\Everything.exe [x]
R3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TechSmith Uploader Service;TechSmith Uploader Service;c:\program files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe;c:\program files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 IMFFilter;IMFFilter;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 networx;networx;c:\windows\system32\drivers\networx.sys;c:\windows\SYSNATIVE\drivers\networx.sys [x]
S2 AdvancedSystemCareService10;Advanced SystemCare Service 10;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CG6Service;CyberGhost 6 Service;c:\program files\CyberGhost 6\CyberGhost.Service.exe;c:\program files\CyberGhost 6\CyberGhost.Service.exe [x]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EntryProtect;AOL Shield;c:\program files (x86)\AOL\AOL Shield\epservice.exe;c:\program files (x86)\AOL\AOL Shield\epservice.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys;c:\windows\SYSNATIVE\drivers\epfilter.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - epinject
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}]
2016-09-14 12:25 1230336 ----a-w- c:\program files (x86)\AOL\AOL Shield\Application\51.0.2708.0\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-12-04 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-13 02:11]
.
2016-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-29 04:06]
.
2016-12-04 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-03 07:03]
.
2016-12-04 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-03 07:03]
.
2016-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29 03:01]
.
2016-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1aafca8c828b9.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29 03:01]
.
2016-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29 03:01]
.
2016-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d1aafcab804e0a.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29 03:01]
.
2016-06-08 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\users\John\AppData\Roaming\HP Photo Creations\Communicator.exe [2016-03-08 07:32]
.
2016-12-04 c:\windows\Tasks\SentryBayUpdateTaskMachineCore.job
- c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [2016-08-22 06:19]
.
2016-12-04 c:\windows\Tasks\SentryBayUpdateTaskMachineUA.job
- c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [2016-08-22 06:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2016-05-24 05:49 2478880 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-11-11 22:24 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-11-11 22:24 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-11-11 22:24 774104 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2016-08-04 23:27 1323520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2016-08-04 23:27 1323520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2016-08-04 23:27 1323520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-11-28 14:09 270144 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.3.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-08-20 06:25 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-10-08 8843784]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2016-11-04 7686472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-11-02 176440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mDefault_Search_URL = www.google.com
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{850704F4-A9D5-4D65-9491-5858F2065701}: NameServer = 77.234.40.79
TCP: Interfaces\{C7EE7144-E721-4964-B514-901EC065888F}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
FF - prefs.js: keyword.URL - hxxps://www.google.com/?&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-KSS - c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\AOL\AOL Shield\ep.exe
c:\program files (x86)\IObit\Advanced SystemCare\Monitor.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
.
**************************************************************************
.
Completion time: 2016-12-04  14:08:22 - machine was rebooted
ComboFix-quarantined-files.txt  2016-12-04 22:08
.
Pre-Run: 946,012,868,608 bytes free
Post-Run: 945,784,221,696 bytes free
.
- - End Of File - - 6F26C2F32E14B8110AC6D01BA7D9EAFA
A36C5E4F47E84449FF07ED3517B43A31


#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 PM

Posted 05 December 2016 - 10:20 AM


That was a good cleanup.

Now run this one to clean any other Temp files.

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#15 spohnj

spohnj
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male
  • Location:Simi Valley, CA.
  • Local time:04:30 PM

Posted 05 December 2016 - 12:04 PM

Here is the log for the JRT.exe

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64 
Ran by John (Administrator) on Mon 12/05/2016 at  8:53:26.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 57 
 
Failed to delete: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\extensions\wecarereminder@bryan (Folder) 
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder) 
Successfully deleted: C:\ProgramData\734c4b00000063bb (Folder) 
Successfully deleted: C:\ProgramData\bac4e78000002225 (Folder) 
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\ProgramData\Service1291 (Folder) 
Successfully deleted: C:\ProgramData\viewpoint (Folder) 
Successfully deleted: C:\Users\John\AppData\Local\{57EC18D1-FB9C-4619-970F-71E11ACB544B} (Empty Folder)
Successfully deleted: C:\Users\John\AppData\Local\{7F801D6E-74A1-4DF8-BFB3-EE82BDBF76CC} (Empty Folder)
Successfully deleted: C:\Users\John\AppData\Local\{ABF4D66B-9576-4EF8-8A07-BA22C8E672D8} (Empty Folder)
Successfully deleted: C:\Users\John\AppData\Local\{AC1CB0A8-EA61-4A18-8DDD-C60668E04931} (Empty Folder)
Successfully deleted: C:\Users\John\AppData\Local\{D370A30B-32B3-4DCD-A79C-0C3FA7223F45} (Empty Folder)
Successfully deleted: C:\Users\John\AppData\Local\{F71891CF-30E4-494F-84E8-4B0238BFCDCD} (Empty Folder)
Successfully deleted: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh (Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoiidodopnnhiflaflbfeblnojefhigh (Folder) 
Successfully deleted: C:\Users\John\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\John\AppData\Roaming\iobit\driver booster (Folder) 
Successfully deleted: C:\Users\John\AppData\Roaming\itibiti (Folder) 
Successfully deleted: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\search.lnk (Shortcut) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\extensions\info@priceblink.com.xpi (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\extensions\staged (Folder) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\searchplugins\aol-search.xml (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\searchplugins\askcom.xml (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\searchplugins\bing-zugo.xml (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\searchplugins\FireSearch.xml (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\searchplugins\Foxtab Web Search.xml (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\searchplugins\MyStart Search.xml (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\searchplugins\search.xml (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\15fh236j.default\user.js (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\qc5ni5a3.default\searchplugins\Foxtab Web Search.xml (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\080y1lbv.default\qc5ni5a3.default\user.js (File) 
Successfully deleted: C:\Users\John\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Users\John\AppData\Roaming\store (Folder) 
Successfully deleted: C:\Users\John\AppData\Roaming\wtools (Folder) 
Successfully deleted: C:\Users\John\Documents\add-in express (Folder) 
Successfully deleted: C:\Windows\hgfs.sys (File) 
Successfully deleted: C:\Windows\prleth.sys (File) 
Successfully deleted: C:\Windows\reimage.ini (File) 
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (John) (Task)
Successfully deleted: C:\Windows\system32\Tasks\SmartDefrag4_Startup (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_John (Task)
Successfully deleted: C:\Windows\SysWOW64\get.dat (File) 
Successfully deleted: C:\Windows\SysWOW64\x64.txt (File) 
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder) 
Successfully deleted: C:\Program Files (x86)\predm (Folder) 
Successfully deleted: C:\Program Files (x86)\viewpoint (Folder) 
Successfully deleted: C:\Program Files\pc optimizer pro (Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4J4O5JX7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BG662W0F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUHZ4EN4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNW2QBXG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4J4O5JX7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BG662W0F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GUHZ4EN4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNW2QBXG (Temporary Internet Files Folder) 
 
user_pref(browser.startup.homepage, hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzutDtDtCtA0DyEtByD0BtByBtBtA0D0CtCyEtN0D0TzutBtDtCtCtCtCtByB&cr=1597046346);
user_pref(browser.search.selectedEngine, Foxtab Web Search);
user_pref(browser.search.defaultenginename, Foxtab Web Search);
user_pref(extensions.facemoods.tlbrSrchUrl,hxxp://start.facemoods.com/?a=kno&f=3); 
user_pref(extensions.facemoods.hmpgUrl, hxxp://start.facemoods.com/?a=kno); 
user_pref(extensions.facemoods.id, 3423dc140000000000000013d425b272); 
user_pref(extensions.facemoods.sid, a5295996bf90488480f2dfc0bcb728de); 
user_pref(extensions.facemoods.instlDay, 15275); 
user_pref(extensions.facemoods.vrsn, 1.4.17.11); 
user_pref(extensions.facemoods.prtnrId, facemoods.com); 
user_pref(extensions.facemoods.aflt, kno); 
user_pref(extensions.facemoods.DNSErrUrl,hxxp://start.facemoods.com/?a=kno&f=5); 
user_pref(extensions.facemoods.mntz,); 
user_pref(extensions.facemoods.hmpg, false); 
user_pref(extensions.facemoods.dfltSrch, false); 
user_pref(extensions.facemoods.searchProviderAdded, false); 
user_pref(extensions.facemoods.dnsErr, false); 
user_pref(extensions.facemoods.newTab, false); 
user_pref(extensions.facemoods.firstRun, true); 
user_pref(extensions.facemoods.tlbrSrchUrl,hxxp://start.facemoods.com/?a=kno&f=3); 
user_pref(extensions.facemoods.hmpgUrl, hxxp://start.facemoods.com/?a=kno); 
user_pref(extensions.facemoods.id, 3423dc140000000000000013d425b272); 
user_pref(extensions.facemoods.sid, c8b13b7b46e34e33aa70400085d9e55d); 
user_pref(extensions.facemoods.instlDay, 15275); 
user_pref(extensions.facemoods.vrsn, 1.4.17.11); 
user_pref(extensions.facemoods.prtnrId, facemoods.com); 
user_pref(extensions.facemoods.aflt, kno); 
user_pref(extensions.facemoods.DNSErrUrl,hxxp://start.facemoods.com/?a=kno&f=5); 
user_pref(extensions.facemoods.mntz,); 
user_pref(extensions.facemoods.hmpg, false); 
user_pref(extensions.facemoods.dfltSrch, false); 
user_pref(extensions.facemoods.searchProviderAdded, false); 
user_pref(extensions.facemoods.dnsErr, false); 
user_pref(extensions.facemoods.newTab, false); 
user_pref(extensions.facemoods.firstRun, true); 
user_pref(extensions.facemoods.tlbrSrchUrl,hxxp://start.facemoods.com/?a=kno&f=3); 
user_pref(extensions.facemoods.hmpgUrl, hxxp://start.facemoods.com/?a=kno); 
user_pref(extensions.facemoods.id, 3423dc140000000000000013d425b272); 
user_pref(extensions.facemoods.sid, dec670a75a684f13be1a519015274161); 
user_pref(extensions.facemoods.instlDay, 15275); 
user_pref(extensions.facemoods.vrsn, 1.4.17.11); 
user_pref(extensions.facemoods.prtnrId, facemoods.com); 
user_pref(extensions.facemoods.aflt, kno); 
user_pref(extensions.facemoods.DNSErrUrl,hxxp://start.facemoods.com/?a=kno&f=5); 
user_pref(extensions.facemoods.mntz,); 
user_pref(extensions.facemoods.hmpg, false); 
user_pref(extensions.facemoods.dfltSrch, false); 
user_pref(extensions.facemoods.searchProviderAdded, false); 
user_pref(extensions.facemoods.dnsErr, false); 
user_pref(extensions.facemoods.newTab, false); 
user_pref(extensions.facemoods.firstRun, true); 
user_pref(extensions.facemoods.tlbrSrchUrl,hxxp://start.facemoods.com/?a=kno&f=3); 
user_pref(extensions.facemoods.hmpgUrl, hxxp://start.facemoods.com/?a=kno); 
user_pref(extensions.facemoods.id, 3423dc140000000000000013d425b272); 
user_pref(extensions.facemoods.sid, 848fb1874d6a4af9ad64c3b0693fab3a); 
user_pref(extensions.facemoods.instlDay, 15275); 
user_pref(extensions.facemoods.vrsn, 1.4.17.11); 
user_pref(extensions.facemoods.prtnrId, facemoods.com); 
user_pref(extensions.facemoods.aflt, kno); 
user_pref(extensions.facemoods.DNSErrUrl,hxxp://start.facemoods.com/?a=kno&f=5); 
user_pref(extensions.facemoods.mntz,); 
user_pref(extensions.facemoods.hmpg, false); 
user_pref(extensions.facemoods.dfltSrch, false); 
user_pref(extensions.facemoods.searchProviderAdded, false); 
user_pref(extensions.facemoods.dnsErr, false); 
user_pref(extensions.facemoods.newTab, false); 
user_pref(extensions.facemoods.firstRun, true); 
user_pref(extensions.facemoods.tlbrSrchUrl,hxxp://start.facemoods.com/?a=kno&f=3); 
user_pref(extensions.facemoods.hmpgUrl, hxxp://start.facemoods.com/?a=kno); 
user_pref(extensions.facemoods.id, 3423dc140000000000000013d425b272); 
user_pref(extensions.facemoods.sid, 68ca533be4a8492e92555cc9ab548c4e); 
user_pref(extensions.facemoods.instlDay, 15334); 
user_pref(extensions.facemoods.vrsn, 1.4.17.11); 
user_pref(extensions.facemoods.prtnrId, facemoods.com); 
user_pref(extensions.facemoods.aflt, kno); 
user_pref(extensions.facemoods.DNSErrUrl,hxxp://start.facemoods.com/?a=kno&f=5); 
user_pref(extensions.facemoods.mntz,); 
user_pref(extensions.facemoods.hmpg, false); 
user_pref(extensions.facemoods.dfltSrch, false); 
user_pref(extensions.facemoods.searchProviderAdded, false); 
user_pref(extensions.facemoods.dnsErr, false); 
user_pref(extensions.facemoods.newTab, false); 
user_pref(extensions.facemoods.firstRun, true); 
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/05/2016 at  8:59:48.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
