
help with log file

Discussion in 'Virus & Other Malware Removal' started by Mack V, Sep 29, 2013.

  1. Mack V

    Mack V Thread Starter

    Joined:
    May 5, 2002
    Messages:
    111
    Any help is greatly appreciated. My aunt's computer is running very slow with pop-ups and programs not responding.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:02:42 PM, on 9/29/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16686)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
    O2 - BHO: Toolbar BHO - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {e86e69ac-a2ce-415a-967e-70ded47d72e2} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: (no name) - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - (no file)
    O3 - Toolbar: InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctNzA5NTU4NzA1LVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMjItU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzk4NzgtREQxMEYrMQ"&"prod=55"&"ver=10.0.1392
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InboxAceService (InboxAce_1gService) - COMPANYVERS_NAME - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10150 bytes
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and double-click on this icon on your desktop:

    [IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy & paste it into your next post.

    [IMG]
     
  3. Mack V

    Mack V Thread Starter

    Thank you so much for any help.


    # AdwCleaner v3.005 - Report created 30/09/2013 at 12:32:09
    # Updated 22/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Gerri - GERRI-PC
    # Running from : C:\Users\Gerri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LLEXD995\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\BitGuard
    Folder Deleted : C:\ProgramData\DSearchLink
    Folder Deleted : C:\Program Files (x86)\openit
    Folder Deleted : C:\Users\Gerri\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Gerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
    Folder Deleted : C:\Users\Gerri\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj
    File Deleted : C:\Users\Gerri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKCU\Software\5a28f8be66ee512
    Key Deleted : HKLM\SOFTWARE\5a28f8be66ee512
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\BabSolution

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\prefs.js ]


    -\\ Google Chrome v29.0.1547.76

    [ File : C:\Users\Gerri\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [8501 octets] - [29/09/2013 19:12:36]
    AdwCleaner[R1].txt - [2246 octets] - [30/09/2013 12:31:27]
    AdwCleaner[S0].txt - [7581 octets] - [29/09/2013 19:13:28]
    AdwCleaner[S1].txt - [1965 octets] - [30/09/2013 12:32:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2025 octets] ##########
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Run AdwCleaner again in clean mode please, then after it reboots please:

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double-click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

    Post the log in next reply please...
     
  5. Mack V

    Mack V Thread Starter

    ComboFix 13-09-30.02 - Gerri 09/30/2013 15:07:24.3.2 - x64
    Running from: c:\users\Gerri\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\DRM\73A9.tmp
    c:\programdata\Microsoft\Windows\DRM\75ED.tmp
    c:\programdata\Microsoft\Windows\DRM\C572.tmp
    c:\users\Gerri\AppData\Local\Google\Chrome\User Data\Default\preferences
    c:\users\Gerri\AppData\Local\TopArcadeHits
    c:\users\Gerri\AppData\Local\TopArcadeHits\tah.config
    c:\users\Gerri\AppData\Local\TopArcadeHits\Toparcadehits.dll
    c:\users\Gerri\AppData\Local\TopArcadeHits\uninstaller.exe
    c:\users\Gerri\AppData\Local\TopArcadeHits\updater.exe
    c:\users\Gerri\Documents\~WRL0005.tmp
    c:\users\Gerri\Documents\~WRL0656.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-30 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-30 19:14 . 2013-09-30 19:14 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-09-30 19:14 . 2013-09-30 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-09-30 19:14 . 2013-09-30 19:14 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2013-09-30 19:14 . 2013-09-30 19:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2013-09-30 19:01 . 2013-09-30 19:02 -------- d-----w- C:\32788R22FWJFW
    2013-09-30 16:28 . 2013-09-30 16:28 -------- d-----w- c:\program files (x86)\FileOpenerPro
    2013-09-30 01:28 . 2013-09-30 18:47 -------- d-----w- c:\users\Gerri\AppData\Local\Deployment
    2013-09-30 00:56 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-09-30 00:56 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-09-30 00:56 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-09-30 00:56 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-09-30 00:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-09-30 00:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-09-30 00:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-09-30 00:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-09-30 00:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-09-30 00:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-09-30 00:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-09-30 00:27 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2013-09-30 00:26 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-09-30 00:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2013-09-30 00:20 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-09-30 00:20 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-09-30 00:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2013-09-30 00:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2013-09-29 23:55 . 2013-09-29 23:55 388096 ----a-r- c:\users\Gerri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-09-29 23:55 . 2013-09-29 23:55 -------- d-----w- c:\program files (x86)\Trend Micro
    2013-09-29 23:52 . 2013-09-29 23:52 -------- d-----w- c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B
    2013-09-29 23:31 . 2013-09-29 23:35 -------- d-----w- c:\program files (x86)\Browsersafeguard
    2013-09-29 23:23 . 2013-09-29 23:52 -------- d-----w- c:\program files (x86)\Whilokii
    2013-09-29 23:12 . 2013-09-30 18:43 -------- d-----w- C:\AdwCleaner
    2013-09-20 23:56 . 2013-09-20 23:56 -------- d-----w- c:\users\Gerri\AppData\Roaming\AVG2014
    2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- c:\users\Gerri\AppData\Roaming\TuneUp Software
    2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- C:\$AVG
    2013-09-20 23:55 . 2013-09-29 23:24 -------- d-----w- c:\programdata\AVG2014
    2013-09-20 23:54 . 2013-09-21 01:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
    2013-09-20 23:39 . 2013-09-21 02:57 -------- d-----w- c:\users\Gerri\AppData\Local\Avg2014
    2013-09-20 23:39 . 2013-09-20 23:39 -------- d-----w- c:\users\Gerri\AppData\Local\MFAData
    2013-09-20 23:01 . 2013-09-20 23:01 -------- d-----w- c:\program files\CCleaner
    2013-09-16 08:14 . 2013-07-04 07:11 829264 ----a-w- c:\windows\system32\msvcr100.dll
    2013-09-16 08:14 . 2013-07-04 07:11 608080 ----a-w- c:\windows\system32\msvcp100.dll
    2013-09-12 04:52 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-12 04:52 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-09-12 04:52 . 2013-08-10 05:20 526336 ----a-w- c:\windows\system32\ieui.dll
    2013-09-12 04:52 . 2013-08-10 05:20 356864 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2013-09-12 04:52 . 2013-08-10 03:58 236032 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
    2013-09-12 04:52 . 2013-08-10 03:58 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
    2013-09-12 04:52 . 2013-08-10 05:21 278528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2013-09-12 04:52 . 2013-08-10 05:20 67072 ----a-w- c:\windows\system32\iesetup.dll
    2013-09-12 04:52 . 2013-08-10 05:20 39936 ----a-w- c:\windows\system32\iernonce.dll
    2013-09-12 04:52 . 2013-08-10 03:58 217600 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2013-09-12 04:52 . 2013-08-10 03:58 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-09-10 23:50 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-09-10 23:50 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-09-10 23:50 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-09-10 23:50 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
    2013-09-09 02:11 . 2013-09-09 02:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
    2013-09-02 14:59 . 2013-09-02 14:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2013-09-02 14:29 . 2013-09-02 14:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2013-09-02 14:26 . 2013-09-02 14:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2013-09-02 14:26 . 2013-09-02 14:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-20 23:07 . 2013-03-31 17:32 234544 ----a-w- c:\windows\RegBootClean64.exe
    2013-09-19 23:23 . 2012-03-29 00:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-09-19 23:23 . 2011-06-18 11:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-12 04:46 . 2010-01-28 09:42 79143768 ----a-w- c:\windows\system32\MRT.exe
    2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2013-08-02 01:48 . 2013-09-10 23:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
    2013-07-31 23:30 . 2013-07-31 23:30 22064 ----a-w- c:\windows\DCEBoot64.exe
    2013-07-25 09:25 . 2013-08-26 22:32 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-25 08:57 . 2013-08-26 22:32 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58 . 2013-08-26 22:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-07-19 01:41 . 2013-08-26 22:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-07-09 05:52 . 2013-08-26 22:33 224256 ----a-w- c:\windows\system32\wintrust.dll
    2013-07-09 05:51 . 2013-08-26 22:32 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-07-09 05:46 . 2013-08-26 22:33 1472512 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-09 05:46 . 2013-08-26 22:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-09 05:46 . 2013-08-26 22:33 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-07-09 04:52 . 2013-08-26 22:32 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52 . 2013-08-26 22:33 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46 . 2013-08-26 22:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46 . 2013-08-26 22:33 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46 . 2013-08-26 22:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-07-06 06:03 . 2013-08-26 22:32 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-21 17:54 . 2013-02-21 17:54 4126720 ----a-w- c:\program files (x86)\GUT2971.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9359da42-06fb-46f2-9e4a-05c05b98a5ef}]
    2013-07-20 17:15 62864 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5a1d22b-9e17-454f-8ecd-83c578fb3983}]
    2013-07-20 17:15 712264 ----a-w- c:\progra~2\INBOXA~2\bar\1.bin\1gbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{3775afd7-5921-4571-968f-85a631203d1c}"= "c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll" [2013-07-20 712264]
    .
    [HKEY_CLASSES_ROOT\clsid\{3775afd7-5921-4571-968f-85a631203d1c}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
    @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
    [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
    2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-16 295512]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 4851760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNzA5NTU4NzA1LVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMjItU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzk4NzgtREQxMEYrMQ&prod=55&ver=10.0.1392" [?]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-26 559616]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
    S2 InboxAce_1gService;InboxAceService;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc.exe;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-23 05:03 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:23]
    .
    2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
    .
    2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
    @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
    [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
    2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "InboxAce Home Page Guard 64 bit"="c:\progra~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe" [2013-07-20 548936]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://yahoo.com/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    mSearchAssistant = hxxp://www.google.com
    mCustomizeSearch = hxxp://www.google.com
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 216.12.78.10 216.12.78.20
    FF - ProfilePath - c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - ExtSQL: 2013-09-26 16:44; [email protected]; c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\extensions\[email protected]
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\Gerri\AppData\Local\TopArcadeHits\Toparcadehits.dll
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
    ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Define Ext - c:\users\Gerri\AppData\Local\DefineExt\uninst.exe
    AddRemove-Zip Extractor Packages - c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
    AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Gerri\AppData\Local\TopArcadeHits\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:1a,d7,99,d4,7a,2b,ce,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-09-30 15:17:11
    ComboFix-quarantined-files.txt 2013-09-30 19:17
    ComboFix2.txt 2013-04-04 18:05
    .
    - - End Of File - - 8B7C7220537BC8906D5ADC586807CEC2
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE and choose Desktop in the list of selections in that window & press Save).
    Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.
    Close any open browsers.
    Then drag the CFScript.txt into the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    At the end it will pop up an alert & open your browser and ask you to send the zip file.

    Please follow those instructions. We need to see the zip file before we can carry on with the fix.

    If there is no pop-up alert or open browser, then please go to http://www.bleepingcomputer.com/submit-malware.php?channel=38

    Files to submit:
    the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]
     


  7. Mack V

    Mack V Thread Starter

    Joined:
    May 5, 2002
    Messages:
    111
    ComboFix 13-09-30.02 - Gerri 09/30/2013 18:55:14.4.2 - x64
    Running from: c:\users\Gerri\Desktop\ComboFix.exe
    Command switches used :: c:\users\Gerri\Desktop\CFScript.txt
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_InboxAce_1gService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-30 )))))))))))))))))))))))))))))))
    .
    .
    2013-09-30 23:03 . 2013-09-30 23:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2013-09-30 23:03 . 2013-09-30 23:03 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-09-30 23:03 . 2013-09-30 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-09-30 23:03 . 2013-09-30 23:03 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2013-09-30 16:28 . 2013-09-30 16:28 -------- d-----w- c:\program files (x86)\FileOpenerPro
    2013-09-30 01:28 . 2013-09-30 18:47 -------- d-----w- c:\users\Gerri\AppData\Local\Deployment
    2013-09-30 00:56 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-09-30 00:56 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-09-30 00:56 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-09-30 00:56 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-09-30 00:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-09-30 00:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-09-30 00:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-09-30 00:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-09-30 00:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-09-30 00:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-09-30 00:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-09-30 00:27 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2013-09-30 00:26 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-09-30 00:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2013-09-30 00:20 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-09-30 00:20 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-09-30 00:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2013-09-30 00:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2013-09-29 23:55 . 2013-09-29 23:55 388096 ----a-r- c:\users\Gerri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-09-29 23:55 . 2013-09-29 23:55 -------- d-----w- c:\program files (x86)\Trend Micro
    2013-09-29 23:52 . 2013-09-29 23:52 -------- d-----w- c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B
    2013-09-29 23:31 . 2013-09-29 23:35 -------- d-----w- c:\program files (x86)\Browsersafeguard
    2013-09-29 23:23 . 2013-09-29 23:52 -------- d-----w- c:\program files (x86)\Whilokii
    2013-09-29 23:12 . 2013-09-30 18:43 -------- d-----w- C:\AdwCleaner
    2013-09-20 23:56 . 2013-09-20 23:56 -------- d-----w- c:\users\Gerri\AppData\Roaming\AVG2014
    2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- c:\users\Gerri\AppData\Roaming\TuneUp Software
    2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- C:\$AVG
    2013-09-20 23:55 . 2013-09-29 23:24 -------- d-----w- c:\programdata\AVG2014
    2013-09-20 23:54 . 2013-09-21 01:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
    2013-09-20 23:39 . 2013-09-21 02:57 -------- d-----w- c:\users\Gerri\AppData\Local\Avg2014
    2013-09-20 23:39 . 2013-09-20 23:39 -------- d-----w- c:\users\Gerri\AppData\Local\MFAData
    2013-09-20 23:01 . 2013-09-20 23:01 -------- d-----w- c:\program files\CCleaner
    2013-09-16 08:14 . 2013-07-04 07:11 829264 ----a-w- c:\windows\system32\msvcr100.dll
    2013-09-16 08:14 . 2013-07-04 07:11 608080 ----a-w- c:\windows\system32\msvcp100.dll
    2013-09-12 04:52 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-12 04:52 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-09-12 04:52 . 2013-08-10 05:20 526336 ----a-w- c:\windows\system32\ieui.dll
    2013-09-12 04:52 . 2013-08-10 05:20 356864 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2013-09-12 04:52 . 2013-08-10 03:58 236032 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
    2013-09-12 04:52 . 2013-08-10 03:58 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
    2013-09-12 04:52 . 2013-08-10 05:21 278528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2013-09-12 04:52 . 2013-08-10 05:20 67072 ----a-w- c:\windows\system32\iesetup.dll
    2013-09-12 04:52 . 2013-08-10 05:20 39936 ----a-w- c:\windows\system32\iernonce.dll
    2013-09-12 04:52 . 2013-08-10 03:58 217600 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2013-09-12 04:52 . 2013-08-10 03:58 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-09-10 23:50 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-09-10 23:50 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-09-10 23:50 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-09-10 23:50 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
    2013-09-09 02:11 . 2013-09-09 02:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
    2013-09-02 14:59 . 2013-09-02 14:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2013-09-02 14:29 . 2013-09-02 14:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2013-09-02 14:26 . 2013-09-02 14:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2013-09-02 14:26 . 2013-09-02 14:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-20 23:07 . 2013-03-31 17:32 234544 ----a-w- c:\windows\RegBootClean64.exe
    2013-09-19 23:23 . 2012-03-29 00:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-09-19 23:23 . 2011-06-18 11:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-12 04:46 . 2010-01-28 09:42 79143768 ----a-w- c:\windows\system32\MRT.exe
    2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2013-08-02 01:48 . 2013-09-10 23:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
    2013-07-31 23:30 . 2013-07-31 23:30 22064 ----a-w- c:\windows\DCEBoot64.exe
    2013-07-25 09:25 . 2013-08-26 22:32 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-25 08:57 . 2013-08-26 22:32 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58 . 2013-08-26 22:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-07-19 01:41 . 2013-08-26 22:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-07-09 05:52 . 2013-08-26 22:33 224256 ----a-w- c:\windows\system32\wintrust.dll
    2013-07-09 05:51 . 2013-08-26 22:32 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-07-09 05:46 . 2013-08-26 22:33 1472512 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-09 05:46 . 2013-08-26 22:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-09 05:46 . 2013-08-26 22:33 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-07-09 04:52 . 2013-08-26 22:32 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52 . 2013-08-26 22:33 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46 . 2013-08-26 22:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46 . 2013-08-26 22:33 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46 . 2013-08-26 22:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-07-06 06:03 . 2013-08-26 22:32 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-21 17:54 . 2013-02-21 17:54 4126720 ----a-w- c:\program files (x86)\GUT2971.tmp
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\program files (x86)\Browsersafeguard ----
    .
    2013-09-29 23:31 . 2013-09-29 23:35 547 ----a-w- c:\program files (x86)\Browsersafeguard\install.log
    2013-09-29 23:31 . 2013-09-29 23:31 2375680 ----a-w- c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
    .
    ---- Directory of c:\program files (x86)\InboxAce_1g ----
    .
    2013-07-20 17:15 . 2013-07-20 17:15 34 ----a-w- c:\program files (x86)\InboxAce_1g\bar\Settings\s_pid.dat
    2013-07-20 17:15 . 2013-07-20 17:15 446747 ----a-w- c:\program files (x86)\InboxAce_1g\bar\IE9Mesg\COMMON.T8S
    2013-07-20 17:15 . 2013-07-20 17:15 1547 ----a-w- c:\program files (x86)\InboxAce_1g\bar\gen1\COMMON.T8S
    2013-07-20 17:15 . 2013-07-20 17:15 89451 ----a-w- c:\program files (x86)\InboxAce_1g\bar\Message\COMMON.T8S
    2013-07-20 17:15 . 2013-07-20 17:15 231 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\installKeys.js
    2013-07-20 17:15 . 2013-07-20 17:15 548864 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\chrome\1gffxtbr.jar
    2013-07-20 17:15 . 2013-07-20 17:15 66272 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\VERIFY.DLL
    2013-07-20 17:15 . 2013-07-20 17:15 42384 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1guabtn.dll
    2013-07-20 17:15 . 2013-07-20 17:15 179480 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gtpinst.dll
    2013-07-20 17:15 . 2013-07-20 17:15 72848 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8TICKER.DLL
    2013-07-20 17:15 . 2013-07-20 17:15 44784 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrchMn.exe
    2013-07-20 17:15 . 2013-07-20 17:15 62864 ------w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
    2013-07-20 17:15 . 2013-07-20 17:15 30216 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gskplay.exe
    2013-07-20 17:15 . 2013-07-20 17:15 303504 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gsknlcr.dll
    2013-07-20 17:15 . 2013-07-20 17:15 128512 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gskin.dll
    2013-07-20 17:15 . 2013-07-20 17:15 46480 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gscript.dll
    2013-07-20 17:15 . 2013-07-20 17:15 194936 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8RES.DLL
    2013-07-20 17:15 . 2013-07-20 17:15 42512 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gregiet.dll
    2013-07-20 17:15 . 2013-07-20 17:15 48880 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1greghk.dll
    2013-07-20 17:15 . 2013-07-20 17:15 42512 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gregfft.dll
    2013-07-20 17:15 . 2013-07-20 17:15 124304 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gradio.dll
    2013-07-20 17:15 . 2013-07-20 17:15 69192 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gPlugin.dll
    2013-07-20 17:15 . 2013-07-20 17:15 161288 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmsg.dll
    2013-07-20 17:15 . 2013-07-20 17:15 46480 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmlbtn.dll
    2013-07-20 17:15 . 2013-07-20 17:15 22048 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmedint.exe
    2013-07-20 17:15 . 2013-07-20 17:15 32448 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gimpipe.exe
    2013-07-20 17:15 . 2013-07-20 17:15 42384 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gieovr.dll
    2013-07-20 17:15 . 2013-07-20 17:15 34192 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gidle.dll
    2013-07-20 17:15 . 2013-07-20 17:15 83456 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghttpct.dll
    2013-07-20 17:15 . 2013-07-20 17:15 163072 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghtmlmu.dll
    2013-07-20 17:15 . 2013-07-20 17:15 101640 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8HTML.DLL
    2013-07-20 17:15 . 2013-07-20 17:15 34344 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghkstub.dll
    2013-07-20 17:15 . 2013-07-20 17:15 22048 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghighin.exe
    2013-07-20 17:15 . 2013-07-20 17:15 91648 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gfeedmg.dll
    2013-07-20 17:15 . 2013-07-20 17:15 80536 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8EXTPEX.DLL
    2013-07-20 17:15 . 2013-07-20 17:15 74248 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\T8EXTEX.DLL
    2013-07-20 17:15 . 2013-07-20 17:15 54672 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdyn.dll
    2013-07-20 17:15 . 2013-07-20 17:15 50728 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdlghk.dll
    2013-07-20 17:15 . 2013-07-20 17:15 99840 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdatact.dll
    2013-07-20 17:15 . 2013-07-20 17:15 34192 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbrstub.dll
    2013-07-20 17:15 . 2013-07-20 17:15 30096 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
    2013-07-20 17:15 . 2013-07-20 17:15 153752 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbprtct.dll
    2013-07-20 17:15 . 2013-07-20 17:15 42504 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe
    2013-07-20 17:15 . 2013-07-20 17:15 712264 ------w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
    2013-07-20 17:15 . 2013-07-20 17:15 30224 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gauxstb.dll
    2013-07-20 17:15 . 2013-07-20 17:15 31096 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll
    2013-07-20 17:15 . 2013-07-20 17:15 10054 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\LOGO.BMP
    2013-07-20 17:15 . 2013-07-20 17:15 2048 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\INSTALL.RDF
    2013-07-20 17:15 . 2013-07-20 17:15 442952 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\Hpg64.dll
    2013-07-20 17:15 . 2013-07-20 17:15 482888 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\EXEMANAGER.DLL
    2013-07-20 17:15 . 2013-07-20 17:15 289864 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\DPNMNGR.DLL
    2013-07-20 17:15 . 2013-07-20 17:15 1370184 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\CrExtP1g.exe
    2013-07-20 17:15 . 2013-07-20 17:15 1241672 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\CREXT.DLL
    2013-07-20 17:15 . 2013-07-20 17:15 1024 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\CHROME.MANIFEST
    2013-07-20 17:15 . 2013-07-20 17:15 20480 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\BOOTSTRAP.JS
    2013-07-20 17:15 . 2013-07-20 17:15 292424 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\AppIntegratorStub64.dll
    2013-07-20 17:15 . 2013-07-20 17:15 548936 ------w- c:\program files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
    .
    ---- Directory of c:\program files (x86)\Whilokii ----
    .
    2013-09-29 23:24 . 2013-09-29 23:52 5011 ----a-w- c:\program files (x86)\Whilokii\updateWhilokii.InstallState
    2013-09-26 20:44 . 2013-09-26 20:44 3394 ----a-w- c:\program files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
    2013-09-26 20:44 . 2013-09-26 20:44 1150 ----a-w- c:\program files (x86)\Whilokii\Whilokii.ico
    .
    ---- Directory of c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B ----
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9359da42-06fb-46f2-9e4a-05c05b98a5ef}]
    2013-07-20 17:15 62864 ------w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
    c:\users\Gerri\AppData\Local\TopArcadeHits\Toparcadehits.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d5a1d22b-9e17-454f-8ecd-83c578fb3983}]
    2013-07-20 17:15 712264 ------w- c:\progra~2\INBOXA~2\bar\1.bin\1gbar.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
    @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
    [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
    2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-16 295512]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 4851760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNzA5NTU4NzA1LVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMjItU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzk4NzgtREQxMEYrMQ&prod=55&ver=10.0.1392" [?]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-26 559616]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-23 05:03 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:23]
    .
    2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
    .
    2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
    .
    2013-09-30 c:\windows\Tasks\User_Feed_Synchronization-{C8D32A8E-F5D9-4F28-9F53-A795D8F3D8D2}.job
    - c:\windows\system32\msfeedssync.exe [2013-05-07 07:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
    @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
    [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
    2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://yahoo.com/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    mSearchAssistant = hxxp://www.google.com
    mCustomizeSearch = hxxp://www.google.com
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 216.12.78.10 216.12.78.20
    FF - ProfilePath - c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - ExtSQL: 2013-09-26 16:44; [email protected]; c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\extensions\[email protected]
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
    ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:1a,d7,99,d4,7a,2b,ce,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2013-09-30 19:17:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-09-30 23:17
    ComboFix2.txt 2013-09-30 19:17
    ComboFix3.txt 2013-04-04 18:05
    .
    Pre-Run: 434,872,721,408 bytes free
    Post-Run: 434,607,075,328 bytes free
    .
    - - End Of File - - 9B7EE95E4E7B35288A8A9E9EAD1AE4FA
    Upload was successful
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    OK a bit more to do
    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE and choose desktop in the list of selections in that window & press Save).

    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix & remember to re-enable it when it has finished.

    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.
     

    Attached Files:

  9. Mack V

    Mack V Thread Starter

    Joined:
    May 5, 2002
    Messages:
    111
    ComboFix 13-09-30.02 - Gerri 10/01/2013 5:24.5.2 - x64
    Running from: c:\users\Gerri\Desktop\ComboFix.exe
    Command switches used :: c:\users\Gerri\Desktop\CFScript.txt
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Browsersafeguard
    c:\program files (x86)\Browsersafeguard\install.log
    c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
    c:\program files (x86)\InboxAce_1g
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gauxstb.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbarsvc.exe
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbprtct.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbrmon.exe
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbrstub.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdatact.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdlghk.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gdyn.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gfeedmg.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghighin.exe
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghkstub.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghtmlmu.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1ghttpct.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gidle.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gieovr.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gimpipe.exe
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmedint.exe
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmlbtn.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gmsg.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gPlugin.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gradio.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gregfft.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1greghk.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gregiet.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gscript.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gskin.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gsknlcr.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gskplay.exe
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrchMn.exe
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1gtpinst.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\1guabtn.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe
    c:\program files (x86)\InboxAce_1g\bar\1.bin\AppIntegratorStub64.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\BOOTSTRAP.JS
    c:\program files (x86)\InboxAce_1g\bar\1.bin\CHROME.MANIFEST
    c:\program files (x86)\InboxAce_1g\bar\1.bin\chrome\1gffxtbr.jar
    c:\program files (x86)\InboxAce_1g\bar\1.bin\CREXT.DLL
    c:\program files (x86)\InboxAce_1g\bar\1.bin\CrExtP1g.exe
    c:\program files (x86)\InboxAce_1g\bar\1.bin\DPNMNGR.DLL
    c:\program files (x86)\InboxAce_1g\bar\1.bin\EXEMANAGER.DLL
    c:\program files (x86)\InboxAce_1g\bar\1.bin\Hpg64.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\INSTALL.RDF
    c:\program files (x86)\InboxAce_1g\bar\1.bin\installKeys.js
    c:\program files (x86)\InboxAce_1g\bar\1.bin\LOGO.BMP
    c:\program files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll
    c:\program files (x86)\InboxAce_1g\bar\1.bin\T8EXTEX.DLL
    c:\program files (x86)\InboxAce_1g\bar\1.bin\T8EXTPEX.DLL
    c:\program files (x86)\InboxAce_1g\bar\1.bin\T8HTML.DLL
    c:\program files (x86)\InboxAce_1g\bar\1.bin\T8RES.DLL
    c:\program files (x86)\InboxAce_1g\bar\1.bin\T8TICKER.DLL
    c:\program files (x86)\InboxAce_1g\bar\1.bin\VERIFY.DLL
    c:\program files (x86)\InboxAce_1g\bar\gen1\COMMON.T8S
    c:\program files (x86)\InboxAce_1g\bar\IE9Mesg\COMMON.T8S
    c:\program files (x86)\InboxAce_1g\bar\Message\COMMON.T8S
    c:\program files (x86)\InboxAce_1g\bar\Settings\s_pid.dat
    c:\program files (x86)\Whilokii
    c:\program files (x86)\Whilokii\dlmdlmoekcipeicfbnohedgkglmbhcla.crx
    c:\program files (x86)\Whilokii\updateWhilokii.InstallState
    c:\program files (x86)\Whilokii\Whilokii.ico
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-09-01 to 2013-10-01 )))))))))))))))))))))))))))))))
    .
    .
    2013-10-01 09:31 . 2013-10-01 09:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2013-10-01 09:31 . 2013-10-01 09:31 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-10-01 09:31 . 2013-10-01 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-10-01 09:31 . 2013-10-01 09:31 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2013-09-30 16:28 . 2013-09-30 16:28 -------- d-----w- c:\program files (x86)\FileOpenerPro
    2013-09-30 01:28 . 2013-09-30 18:47 -------- d-----w- c:\users\Gerri\AppData\Local\Deployment
    2013-09-30 00:56 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-09-30 00:56 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-09-30 00:56 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-09-30 00:56 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-09-30 00:47 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-09-30 00:47 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-09-30 00:47 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-09-30 00:47 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-09-30 00:47 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-09-30 00:47 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-09-30 00:47 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-09-30 00:27 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2013-09-30 00:26 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-09-30 00:25 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2013-09-30 00:20 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-09-30 00:20 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-09-30 00:19 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2013-09-30 00:19 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2013-09-29 23:55 . 2013-09-29 23:55 388096 ----a-r- c:\users\Gerri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-09-29 23:55 . 2013-09-29 23:55 -------- d-----w- c:\program files (x86)\Trend Micro
    2013-09-29 23:52 . 2013-09-29 23:52 -------- d-----w- c:\users\Gerri\AppData\Roaming\0D0S1L2Z1P1B
    2013-09-29 23:12 . 2013-09-30 18:43 -------- d-----w- C:\AdwCleaner
    2013-09-20 23:56 . 2013-09-20 23:56 -------- d-----w- c:\users\Gerri\AppData\Roaming\AVG2014
    2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- c:\users\Gerri\AppData\Roaming\TuneUp Software
    2013-09-20 23:55 . 2013-09-20 23:55 -------- d-----w- C:\$AVG
    2013-09-20 23:55 . 2013-09-29 23:24 -------- d-----w- c:\programdata\AVG2014
    2013-09-20 23:54 . 2013-09-21 01:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
    2013-09-20 23:39 . 2013-09-21 02:57 -------- d-----w- c:\users\Gerri\AppData\Local\Avg2014
    2013-09-20 23:39 . 2013-09-20 23:39 -------- d-----w- c:\users\Gerri\AppData\Local\MFAData
    2013-09-20 23:01 . 2013-09-20 23:01 -------- d-----w- c:\program files\CCleaner
    2013-09-16 08:14 . 2013-07-04 07:11 829264 ----a-w- c:\windows\system32\msvcr100.dll
    2013-09-16 08:14 . 2013-07-04 07:11 608080 ----a-w- c:\windows\system32\msvcp100.dll
    2013-09-12 04:52 . 2013-08-10 03:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-12 04:52 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-09-12 04:52 . 2013-08-10 05:20 526336 ----a-w- c:\windows\system32\ieui.dll
    2013-09-12 04:52 . 2013-08-10 05:20 356864 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2013-09-12 04:52 . 2013-08-10 03:58 236032 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
    2013-09-12 04:52 . 2013-08-10 03:58 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
    2013-09-12 04:52 . 2013-08-10 05:21 278528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2013-09-12 04:52 . 2013-08-10 05:20 67072 ----a-w- c:\windows\system32\iesetup.dll
    2013-09-12 04:52 . 2013-08-10 05:20 39936 ----a-w- c:\windows\system32\iernonce.dll
    2013-09-12 04:52 . 2013-08-10 03:58 217600 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2013-09-12 04:52 . 2013-08-10 03:58 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-09-10 23:50 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-09-10 23:50 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-09-10 23:50 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-09-10 23:50 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
    2013-09-09 02:11 . 2013-09-09 02:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
    2013-09-02 14:59 . 2013-09-02 14:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2013-09-02 14:29 . 2013-09-02 14:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2013-09-02 14:26 . 2013-09-02 14:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2013-09-02 14:26 . 2013-09-02 14:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-20 23:07 . 2013-03-31 17:32 234544 ----a-w- c:\windows\RegBootClean64.exe
    2013-09-19 23:23 . 2012-03-29 00:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-09-19 23:23 . 2011-06-18 11:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-12 04:46 . 2010-01-28 09:42 79143768 ----a-w- c:\windows\system32\MRT.exe
    2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2013-08-02 01:48 . 2013-09-10 23:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
    2013-07-31 23:30 . 2013-07-31 23:30 22064 ----a-w- c:\windows\DCEBoot64.exe
    2013-07-25 09:25 . 2013-08-26 22:32 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-25 08:57 . 2013-08-26 22:32 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58 . 2013-08-26 22:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-07-19 01:41 . 2013-08-26 22:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-07-09 05:52 . 2013-08-26 22:33 224256 ----a-w- c:\windows\system32\wintrust.dll
    2013-07-09 05:51 . 2013-08-26 22:32 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-07-09 05:46 . 2013-08-26 22:33 1472512 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-09 05:46 . 2013-08-26 22:33 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-09 05:46 . 2013-08-26 22:33 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-07-09 04:52 . 2013-08-26 22:32 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52 . 2013-08-26 22:33 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46 . 2013-08-26 22:33 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46 . 2013-08-26 22:33 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46 . 2013-08-26 22:33 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-07-06 06:03 . 2013-08-26 22:32 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-21 17:54 . 2013-02-21 17:54 4126720 ----a-w- c:\program files (x86)\GUT2971.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
    c:\users\Gerri\AppData\Local\TopArcadeHits\Toparcadehits.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
    @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
    [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
    2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-16 295512]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-09-16 4851760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNzA5NTU4NzA1LVFJWDErNC1GMTBNMTBEKzItWDIwMTArMi1MSUMrMjItU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtVFVHKzMtRERUKzk4NzgtREQxMEYrMQ&prod=55&ver=10.0.1392" [?]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-26 559616]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-23 05:03 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:23]
    .
    2013-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
    .
    2013-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 20:51]
    .
    2013-09-30 c:\windows\Tasks\User_Feed_Synchronization-{C8D32A8E-F5D9-4F28-9F53-A795D8F3D8D2}.job
    - c:\windows\system32\msfeedssync.exe [2013-05-07 07:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
    @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
    [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
    2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://yahoo.com/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    mSearchAssistant = hxxp://www.google.com
    mCustomizeSearch = hxxp://www.google.com
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 216.12.78.10 216.12.78.20
    FF - ProfilePath - c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - ExtSQL: 2013-09-26 16:44; [email protected]; c:\users\Gerri\AppData\Roaming\Mozilla\Firefox\Profiles\hjglqkxp.default\extensions\[email protected]
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{9359da42-06fb-46f2-9e4a-05c05b98a5ef} - c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
    BHO-{d5a1d22b-9e17-454f-8ecd-83c578fb3983} - c:\progra~2\INBOXA~2\bar\1.bin\1gbar.dll
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
    ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:1a,d7,99,d4,7a,2b,ce,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-10-01 05:33:25
    ComboFix-quarantined-files.txt 2013-10-01 09:33
    ComboFix2.txt 2013-09-30 23:26
    ComboFix3.txt 2013-09-30 19:17
    ComboFix4.txt 2013-04-04 18:05
    .
    Pre-Run: 434,667,298,816 bytes free
    Post-Run: 434,601,914,368 bytes free
    .
    - - End Of File - - 08321B8C6779A60B3CAC064205CD9C9E
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    How is it now?
    Are you having any problems still?
     
  11. Mack V

    Mack V Thread Starter

    Joined:
    May 5, 2002
    Messages:
    111
    I just got back home. I will post back in a day or so. What was the issue? :)
     
  12. Mack V

    Mack V Thread Starter

    Joined:
    May 5, 2002
    Messages:
    111
    I just got back home. Too early to tell. I will post back in a day or so. What was the issue? :)
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    You had various adware components on the computer that cause pop-up ads & insert ads into webpages you are viewing.
    They normally get stealthily installed along with some so-called "must have" program that was downloaded and you didn't read the EULA that said they would be installed.
     

Short URL to this thread: https://techguy.org/1109550