Tech Support Guy > Virus & Other Malware Removal
help with log file

(In Progress)
Mack V (thread starter; Member with 111 posts, joined May 2002)
29-Sep-2013, 08:05 PM #1
Any help is greatly appreciated. My aunt's computer is running very slow, with pop-ups and programs not responding.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:02:42 PM, on 9/29/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
O2 - BHO: Toolbar BHO - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e86e69ac-a2ce-415a-967e-70ded47d72e2} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - (no file)
O3 - Toolbar: InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNzA5NTU4NzA1LVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMjItU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzk4NzgtREQxMEYrMQ"&"prod=55"&"ver=10.0.1392
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InboxAceService (InboxAce_1gService) - COMPANYVERS_NAME - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10150 bytes
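Added example (Python; not part of this thread and not HijackThis code): a triage pass over a HijackThis 2.x log that automates what the helper checks by eye in the log above. The sample input is a constructed subset of the lines posted above. The trusted-directory allow-list, the 8.3 short-path heuristic, the placeholder-publisher check, and the treatment of "(file missing)" under C:\Windows\System32 as a WOW64 redirection artifact (this is a 32-bit HijackThis on Windows 7 x64) are assumptions of the example, not behaviour of the tool.

```python
"""Triage a Trend Micro HijackThis 2.x log (added example; not from the
thread above or from HijackThis). Flags what a removal helper checks by eye:
  * "(no file)" targets: orphaned registry entries worth cleaning;
  * URLSearchHook/BHO/toolbar DLLs outside an assumed trusted-directory list;
  * services with a placeholder publisher (e.g. COMPANYVERS_NAME) or a binary
    reached through an 8.3 short path such as C:\\PROGRA~2\\INBOXA~2;
  * "(file missing)" under C:\\Windows\\System32 on a 64-bit host, which a
    32-bit HijackThis reports because of WOW64 redirection (low confidence).
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a subset of the HijackThis lines posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
O2 - BHO: (no name) - {e86e69ac-a2ce-415a-967e-70ded47d72e2} - (no file)
O3 - Toolbar: InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: InboxAceService (InboxAce_1gService) - COMPANYVERS_NAME - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SHORTNAME_RE = re.compile(r"[A-Za-z0-9_]{1,6}~\d+\\")   # 8.3 component, e.g. PROGRA~2\
PLACEHOLDER_RE = re.compile(r"^[A-Z0-9]+_[A-Z0-9_]+$")  # unfilled ALL_CAPS macro

# Assumed allow-list (lower-case prefixes) of where browser add-on DLLs belong.
TRUSTED_BHO_DIRS = (
    "c:\\program files (x86)\\common files\\microsoft shared\\",
    "c:\\program files (x86)\\java\\",
    "c:\\programdata\\realnetworks\\",
)


@dataclass
class Finding:
    section: str
    clsid: str
    path: str
    reasons: List[str] = field(default_factory=list)


def _split_fields(body: str) -> List[str]:
    """HijackThis separates name, CLSID/publisher and path with ' - '."""
    return [f.strip() for f in body.split(" - ")]


def triage(log_text: str, is_64bit: bool = True) -> List[Finding]:
    """Return one Finding per entry that deserves a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        fields = _split_fields(body)
        path = fields[-1]
        clsid_m = CLSID_RE.search(body)
        clsid = clsid_m.group(0).lower() if clsid_m else ""
        reasons: List[str] = []

        if path == "(no file)":
            reasons.append("orphaned entry: registered DLL no longer exists")
        elif section in ("R3", "O2", "O3"):
            if not path.lower().startswith(TRUSTED_BHO_DIRS):
                reasons.append("browser component outside trusted directories")
        elif section == "O23" and len(fields) >= 3:
            publisher = fields[-2]
            if path.endswith("(file missing)"):
                path = path[: -len("(file missing)")].strip()
                if is_64bit and path.lower().startswith("c:\\windows\\system32\\"):
                    reasons.append("low confidence: 'file missing' under System32 is "
                                   "WOW64 redirection seen by 32-bit HijackThis; "
                                   "verify from a 64-bit shell")
                else:
                    reasons.append("service binary missing on disk")
            if PLACEHOLDER_RE.match(publisher):
                reasons.append(f"placeholder publisher string: {publisher}")
            if SHORTNAME_RE.search(path):
                reasons.append("service binary installed via 8.3 short path")
        if reasons:
            findings.append(Finding(section, clsid, path, reasons))
    return findings


def flagged_clsids(findings: List[Finding]) -> set:
    """CLSIDs of flagged entries, lower-cased for cross-log matching."""
    return {f.clsid for f in findings if f.clsid}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.clsid or f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the excerpt, the three InboxAce browser hooks, the orphaned BHO and the InboxAce service are flagged, the Windows Live and AVG entries are not, and the ALG service is reported only as low confidence. That last point matters when reading the full log above: almost every built-in Microsoft service there shows "Unknown owner" and "(file missing)" for the same WOW64 reason, so those lines are not evidence of tampering on their own.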
dvk01 (Derek; Moderator & Malware Removal Specialist, Loughton, Essex, UK, joined Dec 2002)
30-Sep-2013, 12:10 PM #2
Click on this link to download ADWCleaner. Click on the Download Now button and save it to your desktop.

NOTE: If you are using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double-click on this icon on your desktop:

You will then see the screen below; click on the Scan button (as indicated), accept any prompts that appear and allow it to run. It may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report; copy and paste it into your next post.


Derek, Microsoft MVP/Windows - Security
Mack V (thread starter)
30-Sep-2013, 12:36 PM #3
Thank you so much for any help.


# AdwCleaner v3.005 - Report created 30/09/2013 at 12:32:09
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gerri - GERRI-PC
# Running from : C:\Users\Gerri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLEXD995\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Gerri\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Gerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Folder Deleted : C:\Users\Gerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj
File Deleted : C:\Users\Gerri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKCU\Software\5a28f8be66ee512
Key Deleted : HKLM\SOFTWARE\5a28f8be66ee512
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Gerri\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8501 octets] - [29/09/2013 19:12:36]
AdwCleaner[R1].txt - [2246 octets] - [30/09/2013 12:31:27]
AdwCleaner[S0].txt - [7581 octets] - [29/09/2013 19:13:28]
AdwCleaner[S1].txt - [1965 octets] - [30/09/2013 12:32:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2025 octets] ##########
dvk01 (Derek; Moderator & Malware Removal Specialist)
30-Sep-2013, 01:49 PM #4
Run AdwCleaner again, please, in clean mode; then, after it reboots, please:

Delete any existing version of ComboFix you have sitting on your desktop.
Please read and follow all these instructions very carefully.
Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic and refuse to offer any help.

Download ComboFix from here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very important! Temporarily disable your anti-virus and anti-malware real-time protection and any script-blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double-click on the renamed ComboFix.exe and follow the prompts.
If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select Yes and let it download the files it needs to do this. Once the Recovery Console is installed, ComboFix will then offer to scan for malware. Select Continue or Yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If ComboFix detects any rootkit/bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...
Mack V (thread starter)
30-Sep-2013, 03:18 PM #5
ComboFix 13-09-30.02 - Gerri 09/30/2013 15:07:24.3.2 - x64
Running from: c:\users\Gerri\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\73A9.tmp
c:\programdata\Microsoft\Windows\DRM\75ED.tmp
c:\programdata\Microsoft\Windows\DRM\C572.tmp
c:\users\Gerri\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Gerri\AppData\Local\TopArcadeHits
c:\users\Gerri\AppData\Local\TopArcadeHits\tah.config
c:\users\Gerri\AppData\Local\TopArcadeHits\Toparcadehits.dll
c:\users\Gerri\AppData\Local\TopArcadeHits\uninstaller.exe
c:\users\Gerri\AppData\Local\TopArcadeHits\updater.exe
c:\users\Gerri\Documents\~WRL0005.tmp
c:\users\Gerri\Documents\~WRL0656.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-30 )))))))))))))))))))))))))))))))
.
.
2013-09-30 19:14 . 2013-09-30 19:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-30 19:14 . 2013-09-30 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-30 19:14 . 2013-09-30 19:14 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-09-30 19:14 . 2013-09-30 19:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-30 19:01 . 2013-09-30 19:02 -------- d-----w- C:\32788R22FWJFW
2013-09-30 16:28 . 2013-09-30 16:28 -------- d-----w- c:\program files (x86)\FileOpenerPro
2013-09-30 01:28 . 2013-09-30 18:47 -------- d-----w- c:\users\Gerri\AppData\Local\Deployment
2013-09-30 00:56 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-09-30 00:56 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-30 00:56 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-30 00:56 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-30 00:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-09-30 00:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-09-30 00:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-09-30 00:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-09-30 00:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-09-30 00:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-09-30 00:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-09-30 00:27 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2013-09-30 00:26 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-09-30 00:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2013-09-30 00:20 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-09-30 00:20 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-09-30 00:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-09-30 00:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-09-29 23:55 . 2013-09-29 23:55 388096 ----a-r- c:\users\Gerri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-29 23:55 . 2013-09-29 23:55 -------- d-----w- c:\program files (x86)\Trend Micro
2013-09-29 23:52 . 2013-09-29 23:52 -------- d-----w- c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B
2013-09-29 23:31 . 2013-09-29 23:35 -------- d-----w- c:\program files (x86)\Browsersafeguard
2013-09-29 23:23 . 2013-09-29 23:52 -------- d-----w- c:\program files (x86)\Whilokii
2013-09-29 23:12 . 2013-09-30 18:43 -------- d-----w- C:\AdwCleaner
2013-09-20 23:56 . 2013-09-20 23:56 -------- d-----w- c:\users\Gerri\AppData\Roaming\AVG2014
2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- c:\users\Gerri\AppData\Roaming\TuneUp Software
2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- C:\$AVG
2013-09-20 23:55 . 2013-09-29 23:24 -------- d-----w- c:\programdata\AVG2014
2013-09-20 23:54 . 2013-09-21 01:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
2013-09-20 23:39 . 2013-09-21 02:57 -------- d-----w- c:\users\Gerri\AppData\Local\Avg2014
2013-09-20 23:39 . 2013-09-20 23:39 -------- d-----w- c:\users\Gerri\AppData\Local\MFAData
2013-09-20 23:01 . 2013-09-20 23:01 -------- d-----w- c:\program files\CCleaner
2013-09-16 08:14 . 2013-07-04 07:11 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-09-16 08:14 . 2013-07-04 07:11 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-09-12 04:52 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-12 04:52 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-12 04:52 . 2013-08-10 05:20 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-12 04:52 . 2013-08-10 05:20 356864 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-09-12 04:52 . 2013-08-10 03:58 236032 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-09-12 04:52 . 2013-08-10 03:58 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-09-12 04:52 . 2013-08-10 05:21 278528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-09-12 04:52 . 2013-08-10 05:20 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-12 04:52 . 2013-08-10 05:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-12 04:52 . 2013-08-10 03:58 217600 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-09-12 04:52 . 2013-08-10 03:58 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-10 23:50 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-10 23:50 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-09-10 23:50 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-10 23:50 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-09-09 02:11 . 2013-09-09 02:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-02 14:59 . 2013-09-02 14:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-02 14:29 . 2013-09-02 14:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-02 14:26 . 2013-09-02 14:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-02 14:26 . 2013-09-02 14:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 23:07 . 2013-03-31 17:32 234544 ----a-w- c:\windows\RegBootClean64.exe
2013-09-19 23:23 . 2012-03-29 00:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 23:23 . 2011-06-18 11:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 04:46 . 2010-01-28 09:42 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 01:48 . 2013-09-10 23:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-07-31 23:30 . 2013-07-31 23:30 22064 ----a-w- c:\windows\DCEBoot64.exe
2013-07-25 09:25 . 2013-08-26 22:32 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-26 22:32 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-26 22:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-26 22:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-26 22:33 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-26 22:32 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-26 22:33 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-26 22:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-26 22:33 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-26 22:32 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-26 22:33 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-26 22:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-26 22:33 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-26 22:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-26 22:32 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-21 17:54 . 2013-02-21 17:54 4126720 ----a-w- c:\program files (x86)\GUT2971.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9359da42-06fb-46f2-9e4a-05c05b98a5ef}]
2013-07-20 17:15 62864 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5a1d22b-9e17-454f-8ecd-83c578fb3983}]
2013-07-20 17:15 712264 ----a-w- c:\progra~2\INBOXA~2\bar\1.bin\1gbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3775afd7-5921-4571-968f-85a631203d1c}"= "c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll" [2013-07-20 712264]
.
[HKEY_CLASSES_ROOT\clsid\{3775afd7-5921-4571-968f-85a631203d1c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-16 295512]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 4851760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNzA5NTU4NzA1LVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMjItU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzk4NzgtREQxMEYrMQ&prod=55&ver=10.0.1392" [?]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-26 559616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe ;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIV E\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNA TIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\Wa tAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNA TIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS \avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVER S\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVER S\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lb d.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNA TIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVER S\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\ windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVER S\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS \avgtdia.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYS NATIVE\drivers\ElRawDsk.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 InboxAce_1gService;InboxAceService;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc. exe;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-23 05:03 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:23]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"InboxAce Home Page Guard 64 bit"="c:\progra~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe" [2013-07-20 548936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
Trusted Zone: dell.com
TCP: DhcpNameServer = 216.12.78.10 216.12.78.20
FF - ProfilePath - c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - ExtSQL: 2013-09-26 16:44; firefox@whilokii.net; c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\extensions\firefox@whilokii.net.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\Gerri\AppData\Local\TopArcadeHits\Toparcadehits.dll
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Define Ext - c:\users\Gerri\AppData\Local\DefineExt\uninst.exe
AddRemove-Zip Extractor Packages - c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Gerri\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{44520B54-9E1A-420B-AAC8-B53721CBD53F}"=hex:51,66,7a,6c,4c,1d,38,12,3a,08,41,
40,28,d0,65,07,d5,de,f6,77,24,95,91,2b
"{B81767E1-672D-4DA1-B5CC-D277185815A6}"=hex:51,66,7a,6c,4c,1d,38,12,8f,64,04,
bc,1f,29,cf,08,ca,da,91,37,1d,06,51,b2
"{3042DF7A-E900-4389-9B94-923DF0DAA57E}"=hex:51,66,7a,6c,4c,1d,38,12,14,dc,51,
34,32,a7,e7,06,e4,82,d1,7d,f5,84,e1,6a
"{A0154E07-2B48-475C-A82A-80EFD84EA33E}"=hex:51,66,7a,6c,4c,1d,38,12,69,4d,06,
a4,7a,65,32,02,d7,3c,c3,af,dd,10,e7,2a
"{C98D5B61-B0EA-4D48-9839-1079D352D880}"=hex:51,66,7a,6c,4c,1d,38,12,0f,58,9e,
cd,d8,fe,26,08,e7,2f,53,39,d6,0c,9c,94
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{78BA36C9-6036-482B-B48D-ECCA6F964B84}"=hex:51,66,7a,6c,4c,1d,38,12,a7,35,a9,
7c,04,2e,45,0d,cb,9b,af,8a,6a,c8,0f,90
"{B36151D1-7770-4480-87E4-F89FB54E173D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,52,72,
b7,42,39,ee,01,f8,f2,bb,df,b0,10,53,29
"{CF51DE5B-EB36-4114-BB69-84DF63FBADB4}"=hex:51,66,7a,6c,4c,1d,38,12,35,dd,42,
cb,04,a5,7a,04,c4,7f,c7,9f,66,a5,e9,a0
"{06E3475C-5521-4DE8-BB12-50720F21631C}"=hex:51,66,7a,6c,4c,1d,38,12,32,44,f0,
02,13,1b,86,08,c4,04,13,32,0a,7f,27,08
"{11111111-1111-1111-1111-110211181102}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
15,23,5f,7f,54,6e,07,52,42,14,46,55,16
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2D948797-8FE3-4508-9B6F-4BF349A9EA34}"=hex:51,66,7a,6c,4c,1d,38,12,f9,84,87,
29,d1,c1,66,00,e4,79,08,b3,4c,f7,ae,20
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{48909954-14FB-4971-A7B3-47E7AF10B38A}"=hex:51,66,7a,6c,4c,1d,38,12,3a,9a,83,
4c,c9,5a,1f,0c,d8,a5,04,a7,aa,4e,f7,9e
"{58376892-60E7-4F63-ACA0-0F686AF554D6}"=hex:51,66,7a,6c,4c,1d,38,12,fc,6b,24,
5c,d5,2e,0d,0a,d3,b6,4c,28,6f,ab,10,c2
"{5848763C-2668-44CA-ADBE-2999A6EE2858}"=hex:51,66,7a,6c,4c,1d,38,12,52,75,5b,
5c,5a,68,a4,01,d2,a8,6a,d9,a3,b0,6c,4c
"{5D79F641-C168-40DF-A32F-BACEA7509E75}"=hex:51,66,7a,6c,4c,1d,38,12,2f,f5,6a,
59,5a,8f,b1,05,dc,39,f9,8e,a2,0e,da,61
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EB534FB-2001-45C4-B860-BC904865A379}"=hex:51,66,7a,6c,4c,1d,38,12,95,37,a6,
6a,33,6e,aa,00,c7,76,ff,d0,4d,3b,e7,6d
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,38,12,33,9a,b5,
a3,d3,20,bf,0a,dd,4e,0a,79,58,05,bd,88
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}"=hex:51,66,7a,6c,4c,1d,38,12,b0,dc,45,
af,26,42,dd,00,e2,e0,38,4e,bf,3f,3c,64
"{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C}"=hex:51,66,7a,6c,4c,1d,38,12,f2,dc,bf,
b3,cb,8a,33,08,e6,98,f2,07,83,35,09,58
"{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}"=hex:51,66,7a,6c,4c,1d,38,12,fb,ff,52,
cf,81,bf,f9,02,f4,a0,53,52,fa,3c,ef,ae
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{DD9475F4-A228-4E22-8D37-4B52C2054C31}"=hex:51,66,7a,6c,4c,1d,38,12,9a,76,87,
d9,1a,ec,4c,0b,f2,21,08,12,c7,5b,08,25
"{DF22384F-CF68-4D19-969F-10423715528B}"=hex:51,66,7a,6c,4c,1d,38,12,21,3b,31,
db,5a,81,77,08,e9,89,53,02,32,4b,16,9f
"{F149B372-5830-4D88-B8F6-2853D12C1AF5}"=hex:51,66,7a,6c,4c,1d,38,12,1c,b0,5a,
f5,02,16,e6,08,c7,e0,6b,13,d4,72,5e,e1
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1a,d7,99,d4,7a,2b,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-30 15:17:11
ComboFix-quarantined-files.txt 2013-09-30 19:17
ComboFix2.txt 2013-04-04 18:05
.
- - End Of File - - 8B7C7220537BC8906D5ADC586807CEC2
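The log above shows the load points a responder reads first: the HKLM Run keys, the Browser Helper Objects, the services list, a Firefox extension sideloaded into the user's profile, and the "ORPHANS REMOVED" entries whose target is already gone. The following Python script is an added example for this thread, not part of ComboFix or of the forum's tooling: it parses lines in the shape ComboFix prints (the sample lines are copied from the logs in this thread) and flags three things that are this example's own assumptions about what to look at first, not ComboFix verdicts: a target under a user-writable path (AppData, ProgramData), an 8.3 short path such as c:\progra~2\INBOXA~2 that hides the real directory name, and a load point whose file is missing.

```python
"""Triage the load points in a ComboFix log.

Added example for this thread; it is not part of ComboFix or of the forum's
tooling. The sample lines are copied from the logs posted above. The three
heuristics (user-writable target, 8.3 short path, missing target) are this
example's own assumptions about what to read first, not ComboFix verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input in the shape ComboFix prints it; a "." line ends a block.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9359da42-06fb-46f2-9e4a-05c05b98a5ef}]
2013-07-20 17:15 62864 ------w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
c:\users\Gerri\AppData\Local\TopArcadeHits\Toparcadehits.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"InboxAce Home Page Guard 64 bit"="c:\progra~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe" [2013-07-20 548936]
.
S2 InboxAce_1gService;InboxAceService;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc.exe;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
FF - ExtSQL: 2013-09-26 16:44; firefox@whilokii.net; c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\extensions\firefox@whilokii.net.xpi
WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                         # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')                       # "Name"="target" [...]
SERVICE_RE = re.compile(r"^[RS][0-4]\s+([^;]+);([^;]*);([^;]*);")  # S2 name;display;image;...
FF_EXT_RE = re.compile(r"^FF - ExtSQL: [^;]+; ([^;]+); (.+)$")     # FF - ExtSQL: date; id; path
ORPHAN_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_]*)-(.+?) - (.+)$")  # Kind-Name - target
PATH_RE = re.compile(r"([a-z]:\\.+?)(?=\s+\[[^\]]*\]\s*$|\s*$)", re.I)  # bare file line
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\programdata\\")
SHORT_NAME_RE = re.compile(r"~\d+\\")  # c:\progra~2\INBOXA~2\...


@dataclass
class Entry:
    load_point: str  # registry key, "Service", "Firefox extension" or orphan kind
    name: str
    target: str
    flags: List[str] = field(default_factory=list)


def classify(target: str) -> List[str]:
    """Return the reasons (assumed heuristics) an entry deserves a look."""
    t = target.lower()
    flags = []
    if USER_WRITABLE_RE.search(t):
        flags.append("loads from a user-writable path (AppData/ProgramData)")
    if SHORT_NAME_RE.search(t):
        flags.append("8.3 short path hides the real directory name")
    if "(no file)" in t:
        flags.append("target missing: orphaned load point")
    return flags


def parse_autostarts(log_text: str) -> List[Entry]:
    """Parse key/value, service, extension and orphan lines into Entry objects."""
    entries: List[Entry] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):  # "." is ComboFix's block separator
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("Service", m.group(1), m.group(3)))
            continue
        m = FF_EXT_RE.match(line)
        if m:
            entries.append(Entry("Firefox extension", m.group(1), m.group(2)))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), m.group(3)))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            entries.append(Entry(current_key, m.group(1), m.group(2)))
            continue
        m = PATH_RE.search(line)
        if m and current_key:
            # BHO/CLSID blocks print the file on its own line; name it by the CLSID
            entries.append(Entry(current_key, current_key.rsplit("\\", 1)[-1], m.group(1)))
    for e in entries:
        e.flags = classify(e.target)
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(parse_autostarts(SAMPLE_LOG)):
        print(f"{e.load_point} :: {e.name} -> {e.target}  [{'; '.join(e.flags)}]")
```

Run against the sample, the two InboxAce entries are flagged for the short path, the TopArcadeHits BHO and the Whilokii extension for living under the user profile, and the WebBrowser orphan for its missing target; the AVG service and the Intel graphics tray entry are not flagged. A short path or a profile path is not proof of malware on its own (legitimate installers do both), so the flags are a reading order, not a verdict.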
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,623 posts, authorized to help remove malware
Join Date: Dec 2002
Location: Loughton, Essex, UK
30-Sep-2013, 05:34 PM #6
Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up appears press SAVE, choose Desktop in the list of selections in that window and press Save).
Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.
Close any open browsers.
Then drag the CFScript.txt onto the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.

(screenshot of CFScript.txt being dragged onto the ComboFix icon: image not reproduced here)

This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.

Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.

This will create a zip file inside C:\QooBox\quarantine named something like [38]-Submit_2008-01-17@17.50.zip

At the end it will pop up an alert and open your browser and ask you to send the zip file.

Please follow those instructions. We need to see the zip file before we can carry on with the fix.

If there is no pop-up alert or open browser then please go to http://www.bleepingcomputer.com/subm...php?channel=38

Files to submit:
the zip file inside C:\QooBox\quarantine created by ComboFix, named something like [38]-Submit_2008-01-17@17.50.zip
Mack V, Member with 111 posts, THREAD STARTER
Join Date: May 2002
30-Sep-2013, 07:33 PM #7
ComboFix 13-09-30.02 - Gerri 09/30/2013 18:55:14.4.2 - x64
Running from: c:\users\Gerri\Desktop\ComboFix.exe
Command switches used :: c:\users\Gerri\Desktop\CFScript.txt
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_InboxAce_1gService
.
.
((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-30 )))))))))))))))))))))))))))))))
.
.
2013-09-30 23:03 . 2013-09-30 23:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-30 23:03 . 2013-09-30 23:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-30 23:03 . 2013-09-30 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-30 23:03 . 2013-09-30 23:03 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-09-30 16:28 . 2013-09-30 16:28 -------- d-----w- c:\program files (x86)\FileOpenerPro
2013-09-30 01:28 . 2013-09-30 18:47 -------- d-----w- c:\users\Gerri\AppData\Local\Deployment
2013-09-30 00:56 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-09-30 00:56 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-30 00:56 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-30 00:56 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-30 00:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-09-30 00:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-09-30 00:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-09-30 00:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-09-30 00:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-09-30 00:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-09-30 00:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-09-30 00:27 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2013-09-30 00:26 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-09-30 00:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2013-09-30 00:20 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-09-30 00:20 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-09-30 00:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-09-30 00:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-09-29 23:55 . 2013-09-29 23:55 388096 ----a-r- c:\users\Gerri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-29 23:55 . 2013-09-29 23:55 -------- d-----w- c:\program files (x86)\Trend Micro
2013-09-29 23:52 . 2013-09-29 23:52 -------- d-----w- c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B
2013-09-29 23:31 . 2013-09-29 23:35 -------- d-----w- c:\program files (x86)\Browsersafeguard
2013-09-29 23:23 . 2013-09-29 23:52 -------- d-----w- c:\program files (x86)\Whilokii
2013-09-29 23:12 . 2013-09-30 18:43 -------- d-----w- C:\AdwCleaner
2013-09-20 23:56 . 2013-09-20 23:56 -------- d-----w- c:\users\Gerri\AppData\Roaming\AVG2014
2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- c:\users\Gerri\AppData\Roaming\TuneUp Software
2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- C:\$AVG
2013-09-20 23:55 . 2013-09-29 23:24 -------- d-----w- c:\programdata\AVG2014
2013-09-20 23:54 . 2013-09-21 01:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
2013-09-20 23:39 . 2013-09-21 02:57 -------- d-----w- c:\users\Gerri\AppData\Local\Avg2014
2013-09-20 23:39 . 2013-09-20 23:39 -------- d-----w- c:\users\Gerri\AppData\Local\MFAData
2013-09-20 23:01 . 2013-09-20 23:01 -------- d-----w- c:\program files\CCleaner
2013-09-16 08:14 . 2013-07-04 07:11 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-09-16 08:14 . 2013-07-04 07:11 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-09-12 04:52 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-12 04:52 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-12 04:52 . 2013-08-10 05:20 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-12 04:52 . 2013-08-10 05:20 356864 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-09-12 04:52 . 2013-08-10 03:58 236032 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-09-12 04:52 . 2013-08-10 03:58 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-09-12 04:52 . 2013-08-10 05:21 278528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-09-12 04:52 . 2013-08-10 05:20 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-12 04:52 . 2013-08-10 05:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-12 04:52 . 2013-08-10 03:58 217600 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-09-12 04:52 . 2013-08-10 03:58 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-10 23:50 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-10 23:50 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-09-10 23:50 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-10 23:50 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-09-09 02:11 . 2013-09-09 02:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-02 14:59 . 2013-09-02 14:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-02 14:29 . 2013-09-02 14:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-02 14:26 . 2013-09-02 14:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-02 14:26 . 2013-09-02 14:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 23:07 . 2013-03-31 17:32 234544 ----a-w- c:\windows\RegBootClean64.exe
2013-09-19 23:23 . 2012-03-29 00:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 23:23 . 2011-06-18 11:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 04:46 . 2010-01-28 09:42 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 01:48 . 2013-09-10 23:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-07-31 23:30 . 2013-07-31 23:30 22064 ----a-w- c:\windows\DCEBoot64.exe
2013-07-25 09:25 . 2013-08-26 22:32 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-26 22:32 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-26 22:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-26 22:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-26 22:33 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-26 22:32 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-26 22:33 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-26 22:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-26 22:33 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-26 22:32 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-26 22:33 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-26 22:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-26 22:33 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-26 22:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-26 22:32 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-21 17:54 . 2013-02-21 17:54 4126720 ----a-w- c:\program files (x86)\GUT2971.tmp
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files (x86)\Browsersafeguard ----
.
2013-09-29 23:31 . 2013-09-29 23:35 547 ----a-w- c:\program files (x86)\Browsersafeguard\install.log
2013-09-29 23:31 . 2013-09-29 23:31 2375680 ----a-w- c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
.
---- Directory of c:\program files (x86)\InboxAce_1g ----
.
2013-07-20 17:15 . 2013-07-20 17:15 34 ----a-w- c:\program files (x86)\InboxAce_1g\bar\Settings\s_pid.dat
2013-07-20 17:15 . 2013-07-20 17:15 446747 ----a-w- c:\program files (x86)\InboxAce_1g\bar\IE9Mesg\COMMON.T8S
2013-07-20 17:15 . 2013-07-20 17:15 1547 ----a-w- c:\program files (x86)\InboxAce_1g\bar\gen1\COMMON.T8S
2013-07-20 17:15 . 2013-07-20 17:15 89451 ----a-w- c:\program files (x86)\InboxAce_1g\bar\Message\COMMON.T8S
2013-07-20 17:15 . 2013-07-20 17:15 231 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\installKeys.js
2013-07-20 17:15 . 2013-07-20 17:15 548864 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\chrome\1gffxtbr.jar
2013-07-20 17:15 . 2013-07-20 17:15 66272 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\VERIFY.DLL
2013-07-20 17:15 . 2013-07-20 17:15 42384 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1guabtn.dll
2013-07-20 17:15 . 2013-07-20 17:15 179480 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gtpinst.dll
2013-07-20 17:15 . 2013-07-20 17:15 72848 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8TICKER.DLL
2013-07-20 17:15 . 2013-07-20 17:15 44784 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrchMn.exe
2013-07-20 17:15 . 2013-07-20 17:15 62864 ------w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
2013-07-20 17:15 . 2013-07-20 17:15 30216 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gskplay.exe
2013-07-20 17:15 . 2013-07-20 17:15 303504 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gsknlcr.dll
2013-07-20 17:15 . 2013-07-20 17:15 128512 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gskin.dll
2013-07-20 17:15 . 2013-07-20 17:15 46480 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gscript.dll
2013-07-20 17:15 . 2013-07-20 17:15 194936 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8RES.DLL
2013-07-20 17:15 . 2013-07-20 17:15 42512 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gregiet.dll
2013-07-20 17:15 . 2013-07-20 17:15 48880 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1greghk.dll
2013-07-20 17:15 . 2013-07-20 17:15 42512 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gregfft.dll
2013-07-20 17:15 . 2013-07-20 17:15 124304 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gradio.dll
2013-07-20 17:15 . 2013-07-20 17:15 69192 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gPlugin.dll
2013-07-20 17:15 . 2013-07-20 17:15 161288 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmsg.dll
2013-07-20 17:15 . 2013-07-20 17:15 46480 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmlbtn.dll
2013-07-20 17:15 . 2013-07-20 17:15 22048 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmedint.exe
2013-07-20 17:15 . 2013-07-20 17:15 32448 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gimpipe.exe
2013-07-20 17:15 . 2013-07-20 17:15 42384 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gieovr.dll
2013-07-20 17:15 . 2013-07-20 17:15 34192 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gidle.dll
2013-07-20 17:15 . 2013-07-20 17:15 83456 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghttpct.dll
2013-07-20 17:15 . 2013-07-20 17:15 163072 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghtmlmu.dll
2013-07-20 17:15 . 2013-07-20 17:15 101640 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8HTML.DLL
2013-07-20 17:15 . 2013-07-20 17:15 34344 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghkstub.dll
2013-07-20 17:15 . 2013-07-20 17:15 22048 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghighin.exe
2013-07-20 17:15 . 2013-07-20 17:15 91648 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gfeedmg.dll
2013-07-20 17:15 . 2013-07-20 17:15 80536 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8EXTPEX.DLL
2013-07-20 17:15 . 2013-07-20 17:15 74248 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8EXTEX.DLL
2013-07-20 17:15 . 2013-07-20 17:15 54672 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdyn.dll
2013-07-20 17:15 . 2013-07-20 17:15 50728 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdlghk.dll
2013-07-20 17:15 . 2013-07-20 17:15 99840 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdatact.dll
2013-07-20 17:15 . 2013-07-20 17:15 34192 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbrstub.dll
2013-07-20 17:15 . 2013-07-20 17:15 30096 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
2013-07-20 17:15 . 2013-07-20 17:15 153752 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbprtct.dll
2013-07-20 17:15 . 2013-07-20 17:15 42504 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe
2013-07-20 17:15 . 2013-07-20 17:15 712264 ------w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
2013-07-20 17:15 . 2013-07-20 17:15 30224 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gauxstb.dll
2013-07-20 17:15 . 2013-07-20 17:15 31096 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll
2013-07-20 17:15 . 2013-07-20 17:15 10054 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\LOGO.BMP
2013-07-20 17:15 . 2013-07-20 17:15 2048 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\INSTALL.RDF
2013-07-20 17:15 . 2013-07-20 17:15 442952 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\Hpg64.dll
2013-07-20 17:15 . 2013-07-20 17:15 482888 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\EXEMANAGER.DLL
2013-07-20 17:15 . 2013-07-20 17:15 289864 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\DPNMNGR.DLL
2013-07-20 17:15 . 2013-07-20 17:15 1370184 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\CrExtP1g.exe
2013-07-20 17:15 . 2013-07-20 17:15 1241672 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\CREXT.DLL
2013-07-20 17:15 . 2013-07-20 17:15 1024 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\CHROME.MANIFEST
2013-07-20 17:15 . 2013-07-20 17:15 20480 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\BOOTSTRAP.JS
2013-07-20 17:15 . 2013-07-20 17:15 292424 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\AppIntegratorStub64.dll
2013-07-20 17:15 . 2013-07-20 17:15 548936 ------w- c:\program files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
.
---- Directory of c:\program files (x86)\Whilokii ----
.
2013-09-29 23:24 . 2013-09-29 23:52 5011 ----a-w- c:\program files (x86)\Whilokii\updateWhilokii.InstallState
2013-09-26 20:44 . 2013-09-26 20:44 3394 ----a-w- c:\program files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
2013-09-26 20:44 . 2013-09-26 20:44 1150 ----a-w- c:\program files (x86)\Whilokii\Whilokii.ico
.
---- Directory of c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9359da42-06fb-46f2-9e4a-05c05b98a5ef}]
2013-07-20 17:15 62864 ------w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
c:\users\Gerri\AppData\Local\TopArcadeHits\Toparcadehits.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5a1d22b-9e17-454f-8ecd-83c578fb3983}]
2013-07-20 17:15 712264 ------w- c:\progra~2\INBOXA~2\bar\1.bin\1gbar.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-16 295512]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 4851760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNzA5NTU4NzA1LVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMjItU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzk4NzgtREQxMEYrMQ&prod=55&ver=10.0.1392" [?]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-26 559616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-23 05:03 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:23]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
.
2013-09-30 c:\windows\Tasks\User_Feed_Synchronization-{C8D32A8E-F5D9-4F28-9F53-A795D8F3D8D2}.job
- c:\windows\system32\msfeedssync.exe [2013-05-07 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
Trusted Zone: dell.com
TCP: DhcpNameServer = 216.12.78.10 216.12.78.20
FF - ProfilePath - c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - ExtSQL: 2013-09-26 16:44; firefox@whilokii.net; c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\extensions\firefox@whilokii.net.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1a,d7,99,d4,7a,2b,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2013-09-30 19:17:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-30 23:17
ComboFix2.txt 2013-09-30 19:17
ComboFix3.txt 2013-04-04 18:05
.
Pre-Run: 434,872,721,408 bytes free
Post-Run: 434,607,075,328 bytes free
.
- - End Of File - - 9B7EE95E4E7B35288A8A9E9EAD1AE4FA
Upload was successful
dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,623 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
01-Oct-2013, 04:11 AM #8
OK, a bit more to do.
Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up appears press SAVE, choose Desktop in the list of selections in that window and press Save).

Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.

Close any open browsers.
Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.

Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
Mack V
Member with 111 posts.
THREAD STARTER
Join Date: May 2002
01-Oct-2013, 05:50 AM #9
ComboFix 13-09-30.02 - Gerri 10/01/2013 5:24.5.2 - x64
Running from: c:\users\Gerri\Desktop\ComboFix.exe
Command switches used :: c:\users\Gerri\Desktop\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Browsersafeguard
c:\program files (x86)\Browsersafeguard\install.log
c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
c:\program files (x86)\InboxAce_1g
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gauxstb.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbprtct.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbrstub.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdatact.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdlghk.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdyn.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gfeedmg.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghighin.exe
c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghkstub.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghtmlmu.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghttpct.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gidle.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gieovr.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gimpipe.exe
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmedint.exe
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmlbtn.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmsg.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gPlugin.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gradio.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gregfft.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1greghk.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gregiet.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gscript.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gskin.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gsknlcr.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gskplay.exe
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrchMn.exe
c:\program files (x86)\InboxAce_1g\bar\1.bin\1gtpinst.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\1guabtn.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
c:\program files (x86)\InboxAce_1g\bar\1.bin\AppIntegratorStub64.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\BOOTSTRAP.JS
c:\program files (x86)\InboxAce_1g\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\InboxAce_1g\bar\1.bin\chrome\1gffxtbr.jar
c:\program files (x86)\InboxAce_1g\bar\1.bin\CREXT.DLL
c:\program files (x86)\InboxAce_1g\bar\1.bin\CrExtP1g.exe
c:\program files (x86)\InboxAce_1g\bar\1.bin\DPNMNGR.DLL
c:\program files (x86)\InboxAce_1g\bar\1.bin\EXEMANAGER.DLL
c:\program files (x86)\InboxAce_1g\bar\1.bin\Hpg64.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\INSTALL.RDF
c:\program files (x86)\InboxAce_1g\bar\1.bin\installKeys.js
c:\program files (x86)\InboxAce_1g\bar\1.bin\LOGO.BMP
c:\program files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll
c:\program files (x86)\InboxAce_1g\bar\1.bin\T8EXTEX.DLL
c:\program files (x86)\InboxAce_1g\bar\1.bin\T8EXTPEX.DLL
c:\program files (x86)\InboxAce_1g\bar\1.bin\T8HTML.DLL
c:\program files (x86)\InboxAce_1g\bar\1.bin\T8RES.DLL
c:\program files (x86)\InboxAce_1g\bar\1.bin\T8TICKER.DLL
c:\program files (x86)\InboxAce_1g\bar\1.bin\VERIFY.DLL
c:\program files (x86)\InboxAce_1g\bar\gen1\COMMON.T8S
c:\program files (x86)\InboxAce_1g\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\InboxAce_1g\bar\Message\COMMON.T8S
c:\program files (x86)\InboxAce_1g\bar\Settings\s_pid.dat
c:\program files (x86)\Whilokii
c:\program files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
c:\program files (x86)\Whilokii\updateWhilokii.InstallState
c:\program files (x86)\Whilokii\Whilokii.ico
.
.
((((((((((((((((((((((((( Files Created from 2013-09-01 to 2013-10-01 )))))))))))))))))))))))))))))))
.
.
2013-10-01 09:31 . 2013-10-01 09:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-10-01 09:31 . 2013-10-01 09:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-01 09:31 . 2013-10-01 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-01 09:31 . 2013-10-01 09:31 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-09-30 16:28 . 2013-09-30 16:28 -------- d-----w- c:\program files (x86)\FileOpenerPro
2013-09-30 01:28 . 2013-09-30 18:47 -------- d-----w- c:\users\Gerri\AppData\Local\Deployment
2013-09-30 00:56 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-09-30 00:56 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-09-30 00:56 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-09-30 00:56 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-09-30 00:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-09-30 00:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-09-30 00:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-09-30 00:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-09-30 00:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-09-30 00:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-09-30 00:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-09-30 00:27 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2013-09-30 00:26 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-09-30 00:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2013-09-30 00:20 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-09-30 00:20 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-09-30 00:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-09-30 00:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-09-29 23:55 . 2013-09-29 23:55 388096 ----a-r- c:\users\Gerri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-29 23:55 . 2013-09-29 23:55 -------- d-----w- c:\program files (x86)\Trend Micro
2013-09-29 23:52 . 2013-09-29 23:52 -------- d-----w- c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B
2013-09-29 23:12 . 2013-09-30 18:43 -------- d-----w- C:\AdwCleaner
2013-09-20 23:56 . 2013-09-20 23:56 -------- d-----w- c:\users\Gerri\AppData\Roaming\AVG2014
2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- c:\users\Gerri\AppData\Roaming\TuneUp Software
2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- C:\$AVG
2013-09-20 23:55 . 2013-09-29 23:24 -------- d-----w- c:\programdata\AVG2014
2013-09-20 23:54 . 2013-09-21 01:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
2013-09-20 23:39 . 2013-09-21 02:57 -------- d-----w- c:\users\Gerri\AppData\Local\Avg2014
2013-09-20 23:39 . 2013-09-20 23:39 -------- d-----w- c:\users\Gerri\AppData\Local\MFAData
2013-09-20 23:01 . 2013-09-20 23:01 -------- d-----w- c:\program files\CCleaner
2013-09-16 08:14 . 2013-07-04 07:11 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-09-16 08:14 . 2013-07-04 07:11 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-09-12 04:52 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-12 04:52 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-12 04:52 . 2013-08-10 05:20 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-12 04:52 . 2013-08-10 05:20 356864 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-09-12 04:52 . 2013-08-10 03:58 236032 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-09-12 04:52 . 2013-08-10 03:58 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-09-12 04:52 . 2013-08-10 05:21 278528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-09-12 04:52 . 2013-08-10 05:20 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-12 04:52 . 2013-08-10 05:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-12 04:52 . 2013-08-10 03:58 217600 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-09-12 04:52 . 2013-08-10 03:58 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-10 23:50 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-10 23:50 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-09-10 23:50 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-10 23:50 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-09-09 02:11 . 2013-09-09 02:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-02 14:59 . 2013-09-02 14:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-09-02 14:29 . 2013-09-02 14:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-09-02 14:26 . 2013-09-02 14:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-09-02 14:26 . 2013-09-02 14:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 23:07 . 2013-03-31 17:32 234544 ----a-w- c:\windows\RegBootClean64.exe
2013-09-19 23:23 . 2012-03-29 00:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 23:23 . 2011-06-18 11:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 04:46 . 2010-01-28 09:42 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 01:48 . 2013-09-10 23:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-07-31 23:30 . 2013-07-31 23:30 22064 ----a-w- c:\windows\DCEBoot64.exe
2013-07-25 09:25 . 2013-08-26 22:32 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-26 22:32 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-26 22:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-26 22:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-26 22:33 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-26 22:32 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-26 22:33 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-26 22:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-26 22:33 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-26 22:32 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-26 22:33 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-26 22:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-26 22:33 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-26 22:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-26 22:32 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-21 17:54 . 2013-02-21 17:54 4126720 ----a-w- c:\program files (x86)\GUT2971.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
c:\users\Gerri\AppData\Local\TopArcadeHits\Toparcadehits.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-16 295512]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 4851760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNzA5NTU4NzA1LVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMjItU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzk4NzgtREQxMEYrMQ&prod=55&ver=10.0.1392" [?]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-26 559616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-23 05:03 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:23]
.
2013-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
.
2013-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
.
2013-09-30 c:\windows\Tasks\User_Feed_Synchronization-{C8D32A8E-F5D9-4F28-9F53-A795D8F3D8D2}.job
- c:\windows\system32\msfeedssync.exe [2013-05-07 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
Trusted Zone: dell.com
TCP: DhcpNameServer = 216.12.78.10 216.12.78.20
FF - ProfilePath - c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - ExtSQL: 2013-09-26 16:44; firefox@whilokii.net; c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\extensions\firefox@whilokii.net.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9359da42-06fb-46f2-9e4a-05c05b98a5ef} - c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
BHO-{d5a1d22b-9e17-454f-8ecd-83c578fb3983} - c:\progra~2\INBOXA~2\bar\1.bin\1gbar.dll
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{44520B54-9E1A-420B-AAC8-B53721CBD53F}"=hex:51,66,7a,6c,4c,1d,38,12,3a,08,41,
40,28,d0,65,07,d5,de,f6,77,24,95,91,2b
"{B81767E1-672D-4DA1-B5CC-D277185815A6}"=hex:51,66,7a,6c,4c,1d,38,12,8f,64,04,
bc,1f,29,cf,08,ca,da,91,37,1d,06,51,b2
"{3042DF7A-E900-4389-9B94-923DF0DAA57E}"=hex:51,66,7a,6c,4c,1d,38,12,14,dc,51,
34,32,a7,e7,06,e4,82,d1,7d,f5,84,e1,6a
"{A0154E07-2B48-475C-A82A-80EFD84EA33E}"=hex:51,66,7a,6c,4c,1d,38,12,69,4d,06,
a4,7a,65,32,02,d7,3c,c3,af,dd,10,e7,2a
"{C98D5B61-B0EA-4D48-9839-1079D352D880}"=hex:51,66,7a,6c,4c,1d,38,12,0f,58,9e,
cd,d8,fe,26,08,e7,2f,53,39,d6,0c,9c,94
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{78BA36C9-6036-482B-B48D-ECCA6F964B84}"=hex:51,66,7a,6c,4c,1d,38,12,a7,35,a9,
7c,04,2e,45,0d,cb,9b,af,8a,6a,c8,0f,90
"{B36151D1-7770-4480-87E4-F89FB54E173D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,52,72,
b7,42,39,ee,01,f8,f2,bb,df,b0,10,53,29
"{CF51DE5B-EB36-4114-BB69-84DF63FBADB4}"=hex:51,66,7a,6c,4c,1d,38,12,35,dd,42,
cb,04,a5,7a,04,c4,7f,c7,9f,66,a5,e9,a0
"{06E3475C-5521-4DE8-BB12-50720F21631C}"=hex:51,66,7a,6c,4c,1d,38,12,32,44,f0,
02,13,1b,86,08,c4,04,13,32,0a,7f,27,08
"{11111111-1111-1111-1111-110211181102}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
15,23,5f,7f,54,6e,07,52,42,14,46,55,16
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2D948797-8FE3-4508-9B6F-4BF349A9EA34}"=hex:51,66,7a,6c,4c,1d,38,12,f9,84,87,
29,d1,c1,66,00,e4,79,08,b3,4c,f7,ae,20
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{48909954-14FB-4971-A7B3-47E7AF10B38A}"=hex:51,66,7a,6c,4c,1d,38,12,3a,9a,83,
4c,c9,5a,1f,0c,d8,a5,04,a7,aa,4e,f7,9e
"{58376892-60E7-4F63-ACA0-0F686AF554D6}"=hex:51,66,7a,6c,4c,1d,38,12,fc,6b,24,
5c,d5,2e,0d,0a,d3,b6,4c,28,6f,ab,10,c2
"{5848763C-2668-44CA-ADBE-2999A6EE2858}"=hex:51,66,7a,6c,4c,1d,38,12,52,75,5b,
5c,5a,68,a4,01,d2,a8,6a,d9,a3,b0,6c,4c
"{5D79F641-C168-40DF-A32F-BACEA7509E75}"=hex:51,66,7a,6c,4c,1d,38,12,2f,f5,6a,
59,5a,8f,b1,05,dc,39,f9,8e,a2,0e,da,61
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EB534FB-2001-45C4-B860-BC904865A379}"=hex:51,66,7a,6c,4c,1d,38,12,95,37,a6,
6a,33,6e,aa,00,c7,76,ff,d0,4d,3b,e7,6d
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}"=hex:51,66,7a,6c,4c,1d,38,12,33,9a,b5,
a3,d3,20,bf,0a,dd,4e,0a,79,58,05,bd,88
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}"=hex:51,66,7a,6c,4c,1d,38,12,b0,dc,45,
af,26,42,dd,00,e2,e0,38,4e,bf,3f,3c,64
"{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C}"=hex:51,66,7a,6c,4c,1d,38,12,f2,dc,bf,
b3,cb,8a,33,08,e6,98,f2,07,83,35,09,58
"{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}"=hex:51,66,7a,6c,4c,1d,38,12,fb,ff,52,
cf,81,bf,f9,02,f4,a0,53,52,fa,3c,ef,ae
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{DD9475F4-A228-4E22-8D37-4B52C2054C31}"=hex:51,66,7a,6c,4c,1d,38,12,9a,76,87,
d9,1a,ec,4c,0b,f2,21,08,12,c7,5b,08,25
"{DF22384F-CF68-4D19-969F-10423715528B}"=hex:51,66,7a,6c,4c,1d,38,12,21,3b,31,
db,5a,81,77,08,e9,89,53,02,32,4b,16,9f
"{F149B372-5830-4D88-B8F6-2853D12C1AF5}"=hex:51,66,7a,6c,4c,1d,38,12,1c,b0,5a,
f5,02,16,e6,08,c7,e0,6b,13,d4,72,5e,e1
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1a,d7,99,d4,7a,2b,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-01 05:33:25
ComboFix-quarantined-files.txt 2013-10-01 09:33
ComboFix2.txt 2013-09-30 23:26
ComboFix3.txt 2013-09-30 19:17
ComboFix4.txt 2013-04-04 18:05
.
Pre-Run: 434,667,298,816 bytes free
Post-Run: 434,601,914,368 bytes free
.
- - End Of File - - 08321B8C6779A60B3CAC064205CD9C9E
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,623 posts (authorized to help remove malware).
Join Date: Dec 2002
Location: Loughton, Essex, UK
01-Oct-2013, 02:08 PM #10
How is it now?
Are you having any problems still?
Mack V, Member with 111 posts (thread starter).
Join Date: May 2002
01-Oct-2013, 08:00 PM #11
I just got back home. I will post back in a day or so. What was the issue?
Mack V, Member with 111 posts (thread starter).
Join Date: May 2002
01-Oct-2013, 08:20 PM #12
I just got back home. Too early to tell. I will post back in a day or so. What was the issue?
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,623 posts (authorized to help remove malware).
Join Date: Dec 2002
Location: Loughton, Essex, UK
02-Oct-2013, 04:27 AM #13
You had various adware components on the computer that cause pop-up ads and insert ads into webpages you are viewing.
They normally get stealthily installed along with some so-called "must have" program that was downloaded, and you didn't read the EULA that said they would be installed.