
I have that pesky FBI hoax even after following a solved link

Discussion in 'Virus & Other Malware Removal' started by Pbman, Dec 25, 2012.

  1. Pbman

    Pbman Thread Starter

    I have that pain in the blank FBI hoax, and I tried this solved link with no success:
    http://forums.techguy.org/virus-other-malware-removal/1069849-fbi-malware.html

    Here are my required logs. Please advise what I should do next.

    Happy Holidays & Thanks

    Trend Micro HijackThis v2.0.4
    Scan saved at 11:22:09 AM, on 12/25/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 5079 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 8.0.7601.17514
    Run by Rich Gulden at 11:18:41 on 2012-12-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6820 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = 192.168.*.*;*.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{4B9BB0A7-FD8C-4DCD-9090-00A4E9753D83} : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/31/2012 9:43:05 PM
    System Uptime: 12/25/2012 9:31:39 AM (2 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
    Processor: AMD Phenom(tm) II X4 965 Processor | Socket M2 | 3415/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 27.444 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 232.495 GiB free.
    E: is FIXED (NTFS) - 233 GiB total, 227.216 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BlackArmor Discovery
    Bonjour
    CCleaner
    CleanUp!
    Dropbox
    Google Toolbar for Internet Explorer
    Google Update Helper
    GrabIt 1.7.2 Beta 6 (build 1008)
    HiJackThis
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Intel(R) Update Manager
    Intel® SSD Toolbox
    Internet Explorer (Enable DEP)
    iTunes
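As an added triage helper (not part of this thread, DDS or HijackThis), the following Python script scans a constructed excerpt of the lines posted above and flags the items a malware helper reads first: the UAC policies set to 0, the protection products reported as disabled, and the orphaned BHO/SSODL entries. The line formats and the meaning of the UAC values are taken from the posted log and from Windows 7 documentation; nothing else is assumed.

```python
"""Triage of the DDS / HijackThis output posted above.

Added example for this thread; it is not part of DDS, HijackThis or the
original post. It scans a constructed excerpt of the posted lines and
returns the items a helper would review first: UAC policy values at
their weakest setting, protection products reported as disabled, and
startup entries that point at a missing file or CLSID.
"""
import re
from collections import Counter

# Constructed excerpt of lines that appear in the first post's DDS/HJT logs.
SAMPLE_LOG = """\
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uProxyOverride = 192.168.*.*;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
SSODL: WebCheck - <orphaned>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
"""

# UAC policy values DDS prints as "mPolicies-System: <name> = dword:<n>".
# A value of 0 for each of these switches the named protection off.
# (ConsentPromptBehaviorUser = 3 is the Windows 7 default, so it is not listed.)
WEAK_UAC = {
    "EnableLUA": "UAC is turned off entirely",
    "ConsentPromptBehaviorAdmin": "administrators are elevated without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}

# Only the comparison with 0 is used, so the base DDS prints in does not matter.
POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)$")
PROTECTION_RE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*(\w+)/(\w+)\*")
ORPHAN_RE = re.compile(r"<orphaned>|\(no file\)")


def triage(log_text):
    """Return a list of (kind, subject, note) tuples for the lines worth review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in WEAK_UAC and value == 0:
                findings.append(("uac", name, WEAK_UAC[name]))
            continue
        m = PROTECTION_RE.match(line)
        if m:
            kind, product, state = m.group(1), m.group(2), m.group(3)
            if state.lower() == "disabled":
                findings.append(("protection", product, kind + " product reported as disabled"))
            continue
        if ORPHAN_RE.search(line):
            findings.append(("orphan", line, "entry references a missing file or CLSID"))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'uac': 3, 'protection': 2, 'orphan': 3}."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == "__main__":
    for kind, subject, note in triage(SAMPLE_LOG):
        print("%-10s %s -- %s" % (kind, subject, note))
```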
     
  2. Pbman

    Pbman Thread Starter

    Forgot my sys info:

    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
    Processor: AMD Phenom(tm) II X4 965 Processor, AMD64 Family 16 Model 4 Stepping 3
    Processor Count: 4
    RAM: 8189 Mb
    Graphics Card: ATI Radeon HD 4300/4500 Series , 512 Mb
    Hard Drives: C: Total - 76216 MB, Free - 28102 MB; D: Total - 238368 MB, Free - 238074 MB; E: Total - 238467 MB, Free - 232669 MB;
    Motherboard: Gigabyte Technology Co., Ltd., GA-MA785GM-US2H, x.x,
    Antivirus: Microsoft Security Essentials, Disabled
     
  3. kevinf80

    kevinf80 Malware Specialist

    Download Farbar Recovery Scan Tool on a clean PC (if possible) and save to a flash drive (memory stick). Use whichever of the following is applicable to your system (32- or 64-bit).

    Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64-bit version. Save to USB flash drive.

    Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32-bit version. Save to USB flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options. I give two methods; use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Kevin....:)
     
  4. Pbman

    Pbman Thread Starter

    Kevin, thanks for taking time during your holiday.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01
    Ran by SYSTEM at 25-12-2012 19:28:24
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKU\Rich Gulden\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-31] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    ==================== Services (Whitelisted) ===================

    4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [275752 2008-01-22] (Nero AG)
    4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)

    ==================== Drivers (Whitelisted) =====================

    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    3 catchme; \??\C:\cwshredder\catchme.sys [x]
    3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-12-25 09:34 - 2012-12-25 09:34 - 00000000 ____D C:\Users\Rich Gulden\Documents\NeroVision
    2012-12-25 09:33 - 2012-12-25 09:40 - 00000000 ____D C:\Users\Rich Gulden\AppData\Local\Ahead
    2012-12-25 08:32 - 2012-12-25 08:32 - 00000000 ____D C:\Users\Rich Gulden\AppData\Local\Adobe
    2012-12-25 08:19 - 2012-12-25 08:19 - 00009598 ____A C:\Users\Rich Gulden\Desktop\attach.txt
    2012-12-25 08:19 - 2012-12-25 08:18 - 00011758 ____A C:\Users\Rich Gulden\Desktop\dds.txt
    2012-12-25 07:27 - 2012-12-25 07:27 - 00022300 ____A C:\ComboFix.txt
    2012-12-25 06:31 - 2012-12-25 06:31 - 00000758 ____A C:\AdwCleaner[S2].txt
    2012-12-25 06:20 - 2012-12-25 06:20 - 00004789 ____A C:\AdwCleaner[S1].txt
    2012-12-25 06:19 - 2012-12-25 06:19 - 00002120 ____A C:\scu.dat
    2012-12-25 05:26 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-12-25 05:26 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-12-25 05:26 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-12-25 05:26 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-12-25 05:26 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-12-25 05:26 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-12-25 05:26 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-12-25 05:26 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-12-25 05:25 - 2012-12-25 07:27 - 00000000 ____D C:\Qoobox
    2012-12-25 05:25 - 2012-12-25 05:30 - 00000000 ____D C:\Windows\erdnt
    2012-12-25 03:57 - 2012-12-25 03:57 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-25 03:57 - 2012-12-25 03:57 - 00000000 ____D C:\Program Files\iTunes
    2012-12-25 03:57 - 2012-12-25 03:57 - 00000000 ____D C:\Program Files\iPod
    2012-12-25 03:57 - 2012-12-25 03:57 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-12-21 15:37 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-21 15:37 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-21 15:37 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-21 15:37 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-15 12:47 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-12-15 12:47 - 2012-11-12 06:20 - 09055744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-12-15 12:47 - 2012-11-12 05:24 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-12-15 12:47 - 2012-11-12 04:28 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-12-15 12:47 - 2012-11-12 03:52 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-12-15 12:47 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-12-15 12:47 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-12-15 12:47 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2012-12-15 12:47 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2012-12-15 12:47 - 2012-10-26 22:26 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-12-15 12:47 - 2012-10-26 22:26 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-12-15 12:47 - 2012-10-26 22:26 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-12-15 12:47 - 2012-10-26 22:24 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-12-15 12:47 - 2012-10-26 22:24 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-12-15 12:47 - 2012-10-26 22:23 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-12-15 12:47 - 2012-10-26 22:23 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-12-15 12:47 - 2012-10-26 22:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-12-15 12:47 - 2012-10-26 22:23 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-12-15 12:47 - 2012-10-26 21:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-12-15 12:47 - 2012-10-26 21:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-12-15 12:47 - 2012-10-26 21:51 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-12-15 12:47 - 2012-10-26 21:49 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-12-15 12:47 - 2012-10-26 21:49 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-12-15 12:47 - 2012-10-26 21:49 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-12-15 12:47 - 2012-10-26 21:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-12-15 12:47 - 2012-10-26 21:49 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-12-15 12:47 - 2012-10-26 21:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-12-15 12:47 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-12-15 12:47 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-12-15 12:47 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-12-15 12:47 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-12-15 12:47 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-12-15 12:47 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-12-15 12:47 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-12-15 12:47 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-12-15 12:47 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-12-15 12:47 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-12-15 12:47 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-12-15 12:47 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-12-15 12:47 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-12-15 12:47 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-15 12:47 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-12-15 04:32 - 2012-12-25 16:11 - 00645682 ____A C:\Windows\WindowsUpdate.log
    2012-12-15 04:22 - 2012-12-25 08:28 - 00008148 ____A C:\Windows\PFRO.log
    2012-12-15 04:22 - 2012-12-25 08:28 - 00006194 ____A C:\Windows\setupact.log
    2012-12-15 04:22 - 2012-12-15 04:22 - 00000000 ____A C:\Windows\setuperr.log
    2012-12-09 05:38 - 2012-12-09 05:38 - 00000000 ____D C:\Users\All Users\Nero
    2012-12-08 08:12 - 2012-12-08 08:12 - 00000000 ____D C:\Users\Public\Documents\CrashDump
    2012-12-08 06:33 - 2012-12-22 14:59 - 00001905 ____A C:\Users\Rich Gulden\Desktop\Kies Air Discovery Service.lnk
    2012-12-06 20:18 - 2012-09-19 20:35 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
    2012-12-06 20:18 - 2012-09-19 20:35 - 00102368 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
    2012-12-06 17:32 - 2012-12-06 17:32 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
    2012-12-06 17:29 - 2012-12-06 17:29 - 00000000 ____D C:\Program Files (x86)\MarkAny
    2012-12-06 17:19 - 2012-12-06 17:29 - 00000000 ____D C:\Users\Rich Gulden\AppData\Roaming\Samsung
    2012-12-06 17:19 - 2012-12-06 17:19 - 00000000 ____D C:\Users\Rich Gulden\Documents\samsung
    2012-12-06 17:19 - 2012-12-06 17:19 - 00000000 ____D C:\Users\Rich Gulden\AppData\Local\Samsung
    2012-12-06 17:19 - 2012-12-06 17:19 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
    2012-12-06 17:18 - 2012-10-29 09:10 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
    2012-12-06 17:18 - 2012-10-29 09:09 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
    2012-12-06 17:17 - 2012-12-06 17:19 - 00000000 ____D C:\Program Files (x86)\Samsung
    2012-12-05 17:33 - 2012-12-16 07:14 - 00035328 __ASH C:\Users\Rich Gulden\AppData\Roaming\Thumbs.db
    2012-12-05 17:28 - 2012-12-05 17:28 - 00751078 ____A C:\Users\Rich Gulden\AppData\Roaming\1.bmp
    2012-12-01 12:29 - 2012-12-01 12:29 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-12-01 12:29 - 2012-12-01 12:29 - 00000000 ____D C:\Program Files\Bonjour
    2012-12-01 12:29 - 2012-12-01 12:29 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2012-12-01 12:29 - 2012-12-01 12:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-12-01 12:29 - 2012-08-21 10:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-12-01 07:02 - 2012-12-01 07:02 - 00000000 ____D C:\Users\Rich Gulden\AppData\Roaming\SendSpace
    2012-12-01 05:45 - 2012-12-16 07:23 - 00000000 ___AD C:\Odin307
    2012-11-25 07:17 - 2012-11-25 07:20 - 00000000 ____D C:\Program Files (x86)\TornTV.com
    2012-11-25 07:17 - 2012-11-25 07:17 - 00000000 ____D C:\Users\Rich Gulden\AppData\Roaming\Mozilla
    2012-11-25 07:07 - 2012-11-25 07:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-11-25 06:59 - 2012-11-25 06:59 - 00000000 ____D C:\Program Files\SAMSUNG
    2012-11-25 06:57 - 2012-12-06 17:18 - 00000000 ____D C:\Users\All Users\Samsung


    ==================== One Month Modified Files and Folders =======

    2012-12-25 16:11 - 2012-12-15 04:32 - 00645682 ____A C:\Windows\WindowsUpdate.log
    2012-12-25 15:21 - 2012-08-31 18:06 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-12-25 09:41 - 2012-08-31 18:06 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-12-25 09:40 - 2012-12-25 09:33 - 00000000 ____D C:\Users\Rich Gulden\AppData\Local\Ahead
    2012-12-25 09:38 - 2009-07-13 21:13 - 00730384 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-12-25 09:34 - 2012-12-25 09:34 - 00000000 ____D C:\Users\Rich Gulden\Documents\NeroVision
    2012-12-25 09:29 - 2012-08-31 18:11 - 00000000 ____D C:\Users\Rich Gulden\AppData\Roaming\GrabIt
    2012-12-25 08:35 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-25 08:35 - 2009-07-13 20:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-12-25 08:32 - 2012-12-25 08:32 - 00000000 ____D C:\Users\Rich Gulden\AppData\Local\Adobe
    2012-12-25 08:28 - 2012-12-15 04:22 - 00008148 ____A C:\Windows\PFRO.log
    2012-12-25 08:28 - 2012-12-15 04:22 - 00006194 ____A C:\Windows\setupact.log
    2012-12-25 08:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-25 08:19 - 2012-12-25 08:19 - 00009598 ____A C:\Users\Rich Gulden\Desktop\attach.txt
    2012-12-25 08:18 - 2012-12-25 08:19 - 00011758 ____A C:\Users\Rich Gulden\Desktop\dds.txt
    2012-12-25 07:27 - 2012-12-25 07:27 - 00022300 ____A C:\ComboFix.txt
    2012-12-25 07:27 - 2012-12-25 05:25 - 00000000 ____D C:\Qoobox
    2012-12-25 07:27 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-12-25 06:31 - 2012-12-25 06:31 - 00000758 ____A C:\AdwCleaner[S2].txt
    2012-12-25 06:25 - 2009-07-13 21:08 - 00032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-12-25 06:20 - 2012-12-25 06:20 - 00004789 ____A C:\AdwCleaner[S1].txt
    2012-12-25 06:19 - 2012-12-25 06:19 - 00002120 ____A C:\scu.dat
    2012-12-25 05:31 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
    2012-12-25 05:30 - 2012-12-25 05:25 - 00000000 ____D C:\Windows\erdnt
    2012-12-25 05:29 - 2009-07-13 18:34 - 59244544 ____A C:\Windows\System32\config\SOFTWARE.bak
    2012-12-25 05:29 - 2009-07-13 18:34 - 20185088 ____A C:\Windows\System32\config\SYSTEM.bak
    2012-12-25 05:29 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
    2012-12-25 05:29 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
    2012-12-25 05:29 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
    2012-12-25 05:21 - 2012-09-01 05:16 - 00000000 ____D C:\Program Files\CCleaner
    2012-12-25 04:27 - 2012-08-31 17:59 - 00000000 ____D C:\Users\Rich Gulden\AppData\Roaming\vlc
    2012-12-25 03:57 - 2012-12-25 03:57 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-25 03:57 - 2012-12-25 03:57 - 00000000 ____D C:\Program Files\iTunes
    2012-12-25 03:57 - 2012-12-25 03:57 - 00000000 ____D C:\Program Files\iPod
    2012-12-25 03:57 - 2012-12-25 03:57 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-12-22 14:59 - 2012-12-08 06:33 - 00001905 ____A C:\Users\Rich Gulden\Desktop\Kies Air Discovery Service.lnk
    2012-12-22 06:31 - 2012-09-01 16:25 - 00000000 ____D C:\Users\Rich Gulden\AppData\Roaming\dvdcss
    2012-12-21 17:13 - 2009-07-13 20:45 - 00351536 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-12-16 09:11 - 2012-12-21 15:37 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-16 07:23 - 2012-12-01 05:45 - 00000000 ___AD C:\Odin307
    2012-12-16 07:14 - 2012-12-05 17:33 - 00035328 __ASH C:\Users\Rich Gulden\AppData\Roaming\Thumbs.db
    2012-12-16 06:45 - 2012-12-21 15:37 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-16 06:13 - 2012-12-21 15:37 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-16 06:13 - 2012-12-21 15:37 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-15 16:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-12-15 12:48 - 2012-09-01 04:59 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-12-15 12:48 - 2012-08-31 17:56 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-12-15 04:22 - 2012-12-15 04:22 - 00000000 ____A C:\Windows\setuperr.log
    2012-12-13 03:16 - 2012-08-31 17:43 - 00000000 ____D C:\users\Rich Gulden
    2012-12-09 05:38 - 2012-12-09 05:38 - 00000000 ____D C:\Users\All Users\Nero
    2012-12-08 08:12 - 2012-12-08 08:12 - 00000000 ____D C:\Users\Public\Documents\CrashDump
    2012-12-06 17:32 - 2012-12-06 17:32 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
    2012-12-06 17:29 - 2012-12-06 17:29 - 00000000 ____D C:\Program Files (x86)\MarkAny
    2012-12-06 17:29 - 2012-12-06 17:19 - 00000000 ____D C:\Users\Rich Gulden\AppData\Roaming\Samsung
    2012-12-06 17:19 - 2012-12-06 17:19 - 00000000 ____D C:\Users\Rich Gulden\Documents\samsung
    2012-12-06 17:19 - 2012-12-06 17:19 - 00000000 ____D C:\Users\Rich Gulden\AppData\Local\Samsung
    2012-12-06 17:19 - 2012-12-06 17:19 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
    2012-12-06 17:19 - 2012-12-06 17:17 - 00000000 ____D C:\Program Files (x86)\Samsung
    2012-12-06 17:18 - 2012-11-25 06:57 - 00000000 ____D C:\Users\All Users\Samsung
    2012-12-06 17:18 - 2012-08-31 17:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-12-06 17:14 - 2012-08-31 17:47 - 00000000 ____D C:\Users\Rich Gulden\AppData\Local\Downloaded Installations
    2012-12-05 17:28 - 2012-12-05 17:28 - 00751078 ____A C:\Users\Rich Gulden\AppData\Roaming\1.bmp
    2012-12-01 12:29 - 2012-12-01 12:29 - 00000000 ____D C:\Program Files\Common Files\Apple
    2012-12-01 12:29 - 2012-12-01 12:29 - 00000000 ____D C:\Program Files\Bonjour
    2012-12-01 12:29 - 2012-12-01 12:29 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2012-12-01 12:29 - 2012-12-01 12:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-12-01 07:02 - 2012-12-01 07:02 - 00000000 ____D C:\Users\Rich Gulden\AppData\Roaming\SendSpace
    2012-11-25 07:43 - 2012-09-01 05:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-25 07:20 - 2012-11-25 07:17 - 00000000 ____D C:\Program Files (x86)\TornTV.com
    2012-11-25 07:17 - 2012-11-25 07:17 - 00000000 ____D C:\Users\Rich Gulden\AppData\Roaming\Mozilla
    2012-11-25 07:07 - 2012-11-25 07:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-11-25 06:59 - 2012-11-25 06:59 - 00000000 ____D C:\Program Files\SAMSUNG


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-12-16 15:09:38
    Restore point made on: 2012-12-20 16:42:52
    Restore point made on: 2012-12-21 15:37:48
    Restore point made on: 2012-12-21 17:17:41
    Restore point made on: 2012-12-24 17:24:32

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8189.55 MB
    Available physical RAM: 7383.02 MB
    Total Pagefile: 8187.7 MB
    Available Pagefile: 7385.59 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:74.43 GB) (Free:21.61 GB) NTFS
    2 Drive d: () (Fixed) (Total:232.78 GB) (Free:232.49 GB) NTFS
    3 Drive f: (Local Disk) (Fixed) (Total:232.88 GB) (Free:227.22 GB) NTFS
    6 Drive i: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ###  Status  Size    Free    Dyn  Gpt
    --------  ------  ------  ------  ---  ---
    Disk 0    Online  74 GB   0 B
    Disk 1    Online  465 GB  101 MB
    Disk 2    Online  489 MB  0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type     Size    Offset
    -------------  -------  ------  -------
    Partition 1    Primary  100 MB  1024 KB
    Partition 2    Primary  74 GB   101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
    ----------  ---  -----------  -----  ---------  -------  -------  --------
    * Volume 2  Y    System Rese  NTFS   Partition  100 MB   Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
    ----------  ---  -----------  -----  ---------  -------  -------  --------
    * Volume 3  C                 NTFS   Partition  74 GB    Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ###  Type     Size    Offset
    -------------  -------  ------  -------
    Partition 1    Primary  232 GB  101 MB
    Partition 2    Primary  232 GB  232 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
    ----------  ---  -----------  -----  ---------  -------  -------  --------
    * Volume 4  D                 NTFS   Partition  232 GB   Healthy

    =========================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
    ----------  ---  -----------  -----  ---------  -------  -------  --------
    * Volume 5  F    Local Disk   NTFS   Partition  232 GB   Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ###  Type     Size    Offset
    -------------  -------  ------  -------
    Partition 1    Primary  488 MB  16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
    ----------  ---  -----------  -----  ---------  -------  -------  --------
    * Volume 6  I                 FAT    Removable  488 MB   Healthy

    =========================================================

    Last Boot: 2012-12-24 21:38

    ==================== End Of Log =============================
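    The FRST sections above (the one-month created/modified file listings, the Bamital & volsnap check and the EXE association check) are the parts a malware helper reads first. The script below is an added example, not part of this thread and not FRST's own code: it splits a log into its "====" sections and applies those reading rules, flagging executables (including .lnk and .dll) created in user-writable locations such as AppData or Temp, executables under the Windows directory that carry no company name, and any line of the two integrity checks that lacks the tool's OK marker. The sample log is constructed in the thread's format: only the setup16.exe line is copied from the log above; the user name `victim`, the files svc.exe, update.lnk and helper.dll, and the wording of the two failing check lines are made up for the demonstration (FRST's real wording for a failed check may differ, which is why the code keys only on the presence of the OK marker).

```python
"""Triage heuristics for a Farbar Recovery Scan Tool (FRST) log.

Added example; not FRST's code and not part of the thread. It splits a log
into its "====" sections and applies the reading rules a malware helper uses
on the sections shown in the thread: executables in user-writable locations,
executables under the Windows directory with no company name, and any line in
the Bamital/volsnap or EXE-association checks without the tool's OK marker.
"""
import re
from dataclasses import dataclass

# Constructed sample in the thread's log format. Only the setup16.exe line is
# copied from the real log; "victim", svc.exe, update.lnk, helper.dll and the
# two failing check lines are made up (FRST's real wording for a failed check
# may differ; the code keys on the OK marker only).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2012-12-15 12:47 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-20 10:02 - 2012-12-20 10:02 - 00051200 ___AH C:\Users\victim\AppData\Local\Temp\svc.exe
2012-12-20 10:03 - 2012-12-20 10:03 - 00000912 ____A C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk
2012-12-05 17:28 - 2012-12-05 17:28 - 00751078 ____A C:\Users\victim\AppData\Roaming\1.bmp
2012-12-18 09:00 - 2012-12-18 09:00 - 00090112 ____A C:\Windows\helper.dll
2012-12-09 05:38 - 2012-12-09 05:38 - 00000000 ____D C:\Users\All Users\Nero

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is NOT legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "C:\Users\victim\AppData\Local\Temp\svc.exe" "%1" %* => ATTENTION
"""

SECTION_RE = re.compile(r"^={5,}\s*(?P<title>[^=]+?)\s*={5,}$")
# created - modified - size attrs [(company)] path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<vendor>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd",
            ".vbs", ".js", ".lnk", ".ocx", ".ax"}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\all users\\",
                 "\\users\\public\\", "\\temp\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def split_sections(text):
    """Map each '==== Title ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage_files(section, lines):
    """Flag executables where malware usually lands or hides."""
    findings = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m or "D" in m.group("attrs"):   # skip directories
            continue
        path = m.group("path").lower()
        name = path.rsplit("\\", 1)[-1]
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext not in EXEC_EXT:
            continue
        if any(marker in path for marker in USER_WRITABLE):
            findings.append(Finding(section, "executable in user-writable location", line))
        elif "\\windows\\" in path and m.group("vendor") is None:
            findings.append(Finding(section, "executable under Windows with no company name", line))
    return findings


def triage_checks(section, lines, ok_marker):
    """Any line of an integrity section without the tool's OK marker is a finding."""
    return [Finding(section, "integrity check did not pass", line)
            for line in lines if not line.endswith(ok_marker)]


def triage(text):
    """Run every heuristic over a whole FRST log and return the findings."""
    findings = []
    for title, lines in split_sections(text).items():
        t = title.lower()
        if "files and folders" in t:
            findings += triage_files(title, lines)
        elif "bamital" in t:
            findings += triage_checks(title, lines, "=> MD5 is legit")
        elif "exe association" in t:
            findings += triage_checks(title, lines, "=> OK")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

    On the constructed sample this reports five lines: the two executables under AppData, the DLL under Windows without a company name, the userinit.exe hash mismatch and the hijacked exefile command. A finding is a prompt to look, not a verdict; a signed vendor installer can also drop files in AppData, which is why the script keeps the created/modified timestamps and company name available for the human reading the log.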
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    mmm, don't see any obvious problems with the FRST log. I do see that you've already run Combofix, can I see that log? It will be located at C:\Combofix.txt

    Also run the following from Normal mode if possible, or Safe mode with Networking if not.

    Download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save it directly to your Desktop.

    • Quit all running programs
    • For Vista/Seven, right click -> Run as administrator; for XP simply run RogueKiller.exe
    • Wait until the Prescan has finished...
    • When the EULA appears, select Accept
    • Ensure MBR scan, Check faked and AntiRootkit are checked
    • Select Scan
    • When the scan completes select Report, copy and paste that to your reply.

    Kevin....:)
     
  6. Pbman

    Pbman Thread Starter

    Joined:
    Sep 5, 2001
    Messages:
    575
    ComboFix 12-12-25.02 - Rich Gulden 12/25/2012 10:25:20.4.4 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6982 [GMT -5:00]
    Running from: e:\rebuild\Homeoffice2\Desktop\Comp Tools\Cleaners\cwshredder.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-25 15:26 . 2012-12-25 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files\iPod
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files\iTunes
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files (x86)\iTunes
    2012-12-25 11:55 . 2012-12-25 11:55 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Apple
    2012-12-25 11:55 . 2012-12-25 11:55 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Apple Computer
    2012-12-25 01:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7FE3243-814F-4D20-BCC9-8F35D32916A7}\mpengine.dll
    2012-12-23 17:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-23 13:31 . 2012-12-23 13:31 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Ahead
    2012-12-21 23:37 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 23:37 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 23:37 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 23:37 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-09 13:38 . 2012-12-09 13:38 -------- d-----w- c:\program files (x86)\Common Files\Ahead
    2012-12-09 13:38 . 2012-12-09 13:38 -------- d-----w- c:\programdata\Nero
    2012-12-07 04:18 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2012-12-07 04:18 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2012-12-07 01:32 . 2012-12-07 01:32 -------- d-----w- c:\program files (x86)\MyFree Codec
    2012-12-07 01:29 . 2012-12-07 01:29 -------- d-----w- c:\program files (x86)\MarkAny
    2012-12-07 01:19 . 2012-12-07 01:19 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Samsung
    2012-12-07 01:19 . 2012-12-07 01:29 -------- d-----w- c:\users\Rich Gulden\AppData\Roaming\Samsung
    2012-12-07 01:18 . 2012-10-29 17:10 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2012-12-07 01:18 . 2012-10-29 17:09 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
    2012-12-07 01:17 . 2012-12-07 01:19 -------- d-----w- c:\program files (x86)\Samsung
    2012-12-01 20:29 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files\Common Files\Apple
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files\Bonjour
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Bonjour
    2012-12-01 20:29 . 2012-12-25 11:57 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2012-12-01 15:02 . 2012-12-01 15:02 -------- d-----w- c:\users\Rich Gulden\AppData\Roaming\SendSpace
    2012-12-01 13:45 . 2012-12-16 15:23 -------- d---a-w- C:\Odin307
    2012-11-29 11:23 . 2012-11-29 11:23 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F319D2C6-0B9C-4703-9303-C47732869A53}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-15 20:48 . 2012-09-01 01:56 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-10-29 17:09 . 2012-10-29 17:09 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
    2012-10-29 17:09 . 2012-10-29 17:09 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2012-10-29 17:09 . 2012-10-29 17:09 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
    2012-10-29 17:09 . 2012-10-29 17:09 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
    2012-10-29 17:09 . 2012-10-29 17:09 330240 ----a-w- c:\windows\MASetupCaller.dll
    2012-10-29 17:09 . 2012-10-29 17:09 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2012-10-29 17:09 . 2012-10-29 17:09 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
    2012-10-29 17:09 . 2012-10-29 17:09 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
    2012-10-29 17:09 . 2012-10-29 17:09 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
    2012-10-29 17:09 . 2012-10-29 17:09 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
    2012-10-29 17:09 . 2012-10-29 17:09 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
    2012-10-29 17:09 . 2012-10-29 17:09 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
    2012-10-29 17:09 . 2012-10-29 17:09 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
    2012-10-29 17:09 . 2012-10-29 17:09 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
    2012-10-29 17:09 . 2012-10-29 17:09 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
    2012-10-29 17:09 . 2012-10-29 17:09 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
    2012-10-29 17:09 . 2012-10-29 17:09 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
    2012-10-29 17:09 . 2012-10-29 17:09 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
    2012-10-16 08:38 . 2012-12-01 14:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-12-01 14:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-12-01 14:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-13 13:18 . 2012-10-13 13:18 388096 ----a-r- c:\users\Rich Gulden\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-10-09 18:17 . 2012-11-18 13:53 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-18 13:53 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-18 13:53 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-18 13:53 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 16:40 . 2012-12-15 20:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-10-03 17:56 . 2012-11-18 13:53 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-18 13:53 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-18 13:53 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-18 13:53 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-18 13:53 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-18 13:53 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-18 13:53 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-18 13:53 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-18 13:53 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-18 13:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-18 13:53 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-09-30 00:54 . 2012-09-01 13:18 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-29 01:42 . 2012-09-29 01:42 2177704 ----a-w- c:\windows\system32\coin92.dll
    2012-09-28 15:32 . 2012-09-28 15:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-09-28 15:32 . 2012-09-28 15:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-09-27 23:42 . 2012-09-27 23:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-01 39408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1255736]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
    R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 52584]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 02:06]
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 02:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-25 10:27:55
    ComboFix-quarantined-files.txt 2012-12-25 15:27
    ComboFix2.txt 2012-12-25 14:30
    ComboFix3.txt 2012-12-25 13:41
    ComboFix4.txt 2012-12-25 13:31
    .
    Pre-Run: 29,139,869,696 bytes free
    Post-Run: 29,079,564,288 bytes free
    .
    - - End Of File - - C761DC02ECD24A3317B8C78E789DEC72
    RogueKiller V8.4.1 [Dec 24 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Rich Gulden [Admin rights]
    Mode : Scan -- Date : 12/26/2012 20:18:40

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 ATA Device +++++
    --- User ---
    [MBR] 20539c6b699414d586e60d6a9004dcef
    [BSP] f7f0fc6c62266a1af977202a585764c3 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238369 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488386560 | Size: 238468 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: INTEL SSDSA2CW080G3 ATA Device +++++
    --- User ---
    [MBR] ef82825429c1623df0f062b554e9ef2d
    [BSP] 4bcdfca207e3506987b535d922f39142 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_12262012_02d2018.txt >>
    RKreport[1]_S_12262012_02d2018.txt
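
The RogueKiller entries above (EnableLUA, ConsentPromptBehaviorAdmin and DisableRegistryTools flagged under HKLM\...\System) are the UAC policy values, and the ComboFix "Reg Loading Points" block posted later in the thread shows the same values plus PromptOnSecureDesktop, all at 0. EnableLUA=0 switches UAC off entirely, so anything this admin account launches already runs elevated, and ConsentPromptBehaviorAdmin=0 would elevate silently even with UAC on; whatever the cause of the lock screen, those are worth putting back to the defaults once the clean-up is done. The script below is an added example written for this page, not RogueKiller's or ComboFix's code: it pulls those values out of both log formats and lists which ones differ from stock Windows 7 defaults (the defaults assume no Group Policy is in play; the sample log text is copied from the posts above).

```python
"""Triage helper for the RogueKiller and ComboFix output above: pull out the
UAC-related policy values and report which protections they show switched off.
Added example for this page; not RogueKiller's or ComboFix's own code."""
import re

# Stock Windows 7 values under HKLM\...\Policies\System (assumption: no GPO in play).
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC off; an admin logon runs fully elevated
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, never prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompts on the normal desktop, spoofable
    "DisableRegistryTools": 0,        # 1 = regedit blocked; the value is normally absent
}

# RogueKiller line shape:  [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
RK_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<name>\S+)\s+\((?P<val>[^)]*)\)\s+->\s+FOUND\s*$"
)
# ComboFix line shapes:  [HKEY_LOCAL_MACHINE\...\policies\system]  then  "EnableLUA"= 0 (0x0)
CF_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)')

# Constructed samples: the relevant lines copied from the logs posted in this thread.
RK_SAMPLE = r"""
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""
CF_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
"""


def parse_roguekiller(text):
    """{value_name: int} for '-> FOUND' registry lines whose name we have a default for."""
    found = {}
    for line in text.splitlines():
        m = RK_LINE.match(line.strip())
        if m and m["name"] in UAC_DEFAULTS and m["val"].isdigit():
            found[m["name"]] = int(m["val"])   # Wow6432Node duplicates simply overwrite
    return found


def parse_combofix_policies(text):
    """{value_name: int} from the policies\\system block of a ComboFix log."""
    found, in_policy_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        key = CF_KEY.match(line)
        if key:
            in_policy_key = key["key"].lower().endswith(r"\policies\system")
            continue
        val = CF_VALUE.match(line)
        if in_policy_key and val and val["name"] in UAC_DEFAULTS:
            found[val["name"]] = int(val["val"])
    return found


def audit(values):
    """[(name, observed, expected)] for every value that differs from the default."""
    return [(name, val, UAC_DEFAULTS[name])
            for name, val in sorted(values.items())
            if val != UAC_DEFAULTS[name]]


if __name__ == "__main__":
    for label, values in (("RogueKiller", parse_roguekiller(RK_SAMPLE)),
                          ("ComboFix", parse_combofix_policies(CF_SAMPLE))):
        for name, observed, expected in audit(values):
            print(f"{label}: {name} = {observed} (expected {expected})")
```

DisableRegistryTools is listed by RogueKiller because the value exists at all, not because of its setting; at 0 regedit is not blocked, so audit() leaves it out and reports only the three UAC values that are actually off.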
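
RogueKiller's MBR Check above prints a hash of each disk's first sector, a hash of its bootstrap code, and the partition table it finds there. The following is an added example for this page, not RogueKiller's code, that produces the same view from a raw 512-byte sector and adds two sanity checks a responder would otherwise apply by hand (a single active flag, known partition types, no overlapping extents). Which byte ranges RogueKiller hashes for [MBR] and [BSP] is an assumption here (the whole sector, and the 440 bytes before the disk signature); the sample sector is constructed to match PhysicalDrive1's table in the log, with filler bytes standing in for real boot code.

```python
"""Reproduce the shape of RogueKiller's "MBR Check" from a raw 512-byte sector:
hash the sector, hash the bootstrap code, list the partition entries, and run
two sanity checks. Added example for this page; not RogueKiller's code."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440   # bytes 0..439: code; 440..443: disk signature; 446..509: table
TABLE_OFFSET = 446
ENTRY_LEN = 16
ENTRY_FMT = "<BBBBBBBBII"  # status, CHS start(3), type, CHS end(3), LBA start, sector count
KNOWN_TYPES = {0x07: "NTFS/exFAT", 0x05: "Extended", 0x0F: "Extended (LBA)",
               0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0xEE: "GPT protective"}


def build_mbr(entries, bootcode=b"\x33\xc0\x8e\xd0\xbc\x00\x7c"):
    """Construct a test MBR: filler bootstrap bytes, the given (status, type, lba, count)
    entries, and the 0x55AA signature. The bootstrap bytes are a stand-in, not real code."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00") + b"\x00" * (TABLE_OFFSET - BOOTCODE_LEN)
    table = b"".join(struct.pack(ENTRY_FMT, status, 0, 0, 0, ptype, 0, 0, 0, lba, count)
                     for status, ptype, lba, count in entries)
    return code + table.ljust(4 * ENTRY_LEN, b"\x00") + b"\x55\xaa"


def parse_mbr(sector):
    """Return hashes plus one dict per non-empty partition slot."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    partitions = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_LEN
        fields = struct.unpack(ENTRY_FMT, sector[off:off + ENTRY_LEN])
        status, ptype, lba, count = fields[0], fields[4], fields[8], fields[9]
        if ptype == 0:
            continue   # empty slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "offset_sectors": lba,
            "size_sectors": count,
            "size_mib": count * SECTOR // 2**20,   # RogueKiller prints this as "Mo"
        })
    return {
        # Assumption: [MBR] = whole sector, [BSP] = the code before the disk signature.
        "mbr_md5": hashlib.md5(sector).hexdigest(),
        "bootcode_md5": hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def sanity_findings(info):
    """Cheap checks on the table: one active flag, known types, no overlapping extents."""
    findings = []
    parts = sorted(info["partitions"], key=lambda p: p["offset_sectors"])
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one partition carries the active (0x80) flag")
    for p in parts:
        if p["type"] not in KNOWN_TYPES:
            findings.append(f"partition {p['index']} has unusual type 0x{p['type']:02x}")
    for a, b in zip(parts, parts[1:]):
        if b["offset_sectors"] < a["offset_sectors"] + a["size_sectors"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


if __name__ == "__main__":
    # Same layout as PhysicalDrive1 in the log: 100 MiB active system partition at
    # sector 2048, then the 76217 MiB Windows partition starting at sector 206848.
    info = parse_mbr(build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 156092416)]))
    print("[MBR]", info["mbr_md5"])
    print("[BSP]", info["bootcode_md5"])
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        print(f"{p['index']} - [{flag}] {KNOWN_TYPES.get(p['type'], '?')} (0x{p['type']:02x}) "
              f"Offset (sectors): {p['offset_sectors']} | Size: {p['size_mib']} Mo")
    print("findings:", sanity_findings(info) or "none")
```

On a live Windows system the same parser can be fed the first 512 bytes of \\.\PhysicalDrive1 opened with administrator rights; the hashes only mean something against a baseline you already trust, which this example does not supply.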
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Still nothing obvious to indicate the FBI issue you mention. ComboFix has been run several times; can you post the other logs for me to see? Post the following:

    C:\Qoobox\ComboFix2.txt
    C:\Qoobox\ComboFix3.txt
    C:\Qoobox\ComboFix4.txt
    C:\Qoobox\ComboFix-quarantined-files.txt


    Next,

    Open Malwarebytes, check for updates, then run a Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes Anti-Malware from one of the following links and save it to your desktop:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post that log with the previous CF logs. Also, do you still actually see the FBI alert?

    Kevin
     
  8. Pbman

    Pbman Thread Starter

    Joined:
    Sep 5, 2001
    Messages:
    575
    ComboFix 12-12-25.02 - Rich Gulden 12/25/2012 9:27.3.4 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.7409 [GMT -5:00]
    Running from: e:\rebuild\Homeoffice2\Desktop\Comp Tools\Cleaners\cwshredder.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-25 14:29 . 2012-12-25 14:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files\iPod
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files\iTunes
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files (x86)\iTunes
    2012-12-25 11:55 . 2012-12-25 11:55 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Apple
    2012-12-25 11:55 . 2012-12-25 11:55 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Apple Computer
    2012-12-25 01:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7FE3243-814F-4D20-BCC9-8F35D32916A7}\mpengine.dll
    2012-12-23 17:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-23 13:31 . 2012-12-23 13:31 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Ahead
    2012-12-21 23:37 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 23:37 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 23:37 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 23:37 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-09 13:38 . 2012-12-09 13:38 -------- d-----w- c:\program files (x86)\Common Files\Ahead
    2012-12-09 13:38 . 2012-12-09 13:38 -------- d-----w- c:\programdata\Nero
    2012-12-07 04:18 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2012-12-07 04:18 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2012-12-07 01:32 . 2012-12-07 01:32 -------- d-----w- c:\program files (x86)\MyFree Codec
    2012-12-07 01:29 . 2012-12-07 01:29 -------- d-----w- c:\program files (x86)\MarkAny
    2012-12-07 01:19 . 2012-12-07 01:19 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Samsung
    2012-12-07 01:19 . 2012-12-07 01:29 -------- d-----w- c:\users\Rich Gulden\AppData\Roaming\Samsung
    2012-12-07 01:18 . 2012-10-29 17:10 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2012-12-07 01:18 . 2012-10-29 17:09 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
    2012-12-07 01:17 . 2012-12-07 01:19 -------- d-----w- c:\program files (x86)\Samsung
    2012-12-01 20:29 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files\Common Files\Apple
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files\Bonjour
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Bonjour
    2012-12-01 20:29 . 2012-12-25 11:57 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2012-12-01 15:02 . 2012-12-01 15:02 -------- d-----w- c:\users\Rich Gulden\AppData\Roaming\SendSpace
    2012-12-01 13:45 . 2012-12-16 15:23 -------- d---a-w- C:\Odin307
    2012-11-29 11:23 . 2012-11-29 11:23 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F319D2C6-0B9C-4703-9303-C47732869A53}\gapaengine.dll
    2012-11-25 15:17 . 2012-11-25 15:20 -------- d-----w- c:\program files (x86)\TornTV.com
    2012-11-25 14:59 . 2012-11-25 14:59 -------- d-----w- c:\program files\SAMSUNG
    2012-11-25 14:57 . 2012-12-07 01:18 -------- d-----w- c:\programdata\Samsung
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-15 20:48 . 2012-09-01 01:56 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-10-29 17:09 . 2012-10-29 17:09 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
    2012-10-29 17:09 . 2012-10-29 17:09 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2012-10-29 17:09 . 2012-10-29 17:09 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
    2012-10-29 17:09 . 2012-10-29 17:09 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
    2012-10-29 17:09 . 2012-10-29 17:09 330240 ----a-w- c:\windows\MASetupCaller.dll
    2012-10-29 17:09 . 2012-10-29 17:09 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2012-10-29 17:09 . 2012-10-29 17:09 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
    2012-10-29 17:09 . 2012-10-29 17:09 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
    2012-10-29 17:09 . 2012-10-29 17:09 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
    2012-10-29 17:09 . 2012-10-29 17:09 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
    2012-10-29 17:09 . 2012-10-29 17:09 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
    2012-10-29 17:09 . 2012-10-29 17:09 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
    2012-10-29 17:09 . 2012-10-29 17:09 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
    2012-10-29 17:09 . 2012-10-29 17:09 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
    2012-10-29 17:09 . 2012-10-29 17:09 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
    2012-10-29 17:09 . 2012-10-29 17:09 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
    2012-10-29 17:09 . 2012-10-29 17:09 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
    2012-10-29 17:09 . 2012-10-29 17:09 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
    2012-10-16 08:38 . 2012-12-01 14:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-12-01 14:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-12-01 14:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-13 13:18 . 2012-10-13 13:18 388096 ----a-r- c:\users\Rich Gulden\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-10-09 18:17 . 2012-11-18 13:53 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-18 13:53 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-18 13:53 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-18 13:53 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 16:40 . 2012-12-15 20:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-10-03 17:56 . 2012-11-18 13:53 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-18 13:53 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-18 13:53 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-18 13:53 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-18 13:53 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-18 13:53 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-18 13:53 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-18 13:53 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-18 13:53 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-18 13:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-18 13:53 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-09-30 00:54 . 2012-09-01 13:18 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-29 01:42 . 2012-09-29 01:42 2177704 ----a-w- c:\windows\system32\coin92.dll
    2012-09-28 15:32 . 2012-09-28 15:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-09-28 15:32 . 2012-09-28 15:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-09-27 23:42 . 2012-09-27 23:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-01 39408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1255736]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
    R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 52584]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 02:06]
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 02:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-25 09:30:21
    ComboFix-quarantined-files.txt 2012-12-25 14:30
    ComboFix2.txt 2012-12-25 13:41
    ComboFix3.txt 2012-12-25 13:31
    .
    Pre-Run: 29,252,591,616 bytes free
    Post-Run: 29,078,949,888 bytes free
    .
    - - End Of File - - 177FB44045F32FC0CE8D1270E176BF8D
    ComboFix 12-12-25.02 - Rich Gulden 12/25/2012 8:38.2.4 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.7409 [GMT -5:00]
    Running from: e:\rebuild\Homeoffice2\Desktop\Comp Tools\Cleaners\cwshredder.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-25 13:40 . 2012-12-25 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files\iPod
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files\iTunes
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files (x86)\iTunes
    2012-12-25 11:55 . 2012-12-25 11:55 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Apple
    2012-12-25 11:55 . 2012-12-25 11:55 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Apple Computer
    2012-12-25 01:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7FE3243-814F-4D20-BCC9-8F35D32916A7}\mpengine.dll
    2012-12-23 17:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-23 13:31 . 2012-12-23 13:31 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Ahead
    2012-12-21 23:37 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 23:37 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 23:37 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 23:37 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-09 13:38 . 2012-12-09 13:38 -------- d-----w- c:\program files (x86)\Common Files\Ahead
    2012-12-09 13:38 . 2012-12-09 13:38 -------- d-----w- c:\programdata\Nero
    2012-12-07 04:18 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2012-12-07 04:18 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2012-12-07 01:32 . 2012-12-07 01:32 -------- d-----w- c:\program files (x86)\MyFree Codec
    2012-12-07 01:29 . 2012-12-07 01:29 -------- d-----w- c:\program files (x86)\MarkAny
    2012-12-07 01:19 . 2012-12-07 01:19 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Samsung
    2012-12-07 01:19 . 2012-12-07 01:29 -------- d-----w- c:\users\Rich Gulden\AppData\Roaming\Samsung
    2012-12-07 01:18 . 2012-10-29 17:10 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2012-12-07 01:18 . 2012-10-29 17:09 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
    2012-12-07 01:17 . 2012-12-07 01:19 -------- d-----w- c:\program files (x86)\Samsung
    2012-12-01 20:29 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files\Common Files\Apple
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files\Bonjour
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Bonjour
    2012-12-01 20:29 . 2012-12-25 11:57 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2012-12-01 15:03 . 2012-12-01 15:03 -------- d-----w- c:\programdata\Premium
    2012-12-01 15:02 . 2012-12-01 15:02 -------- d-----w- c:\users\Rich Gulden\AppData\Roaming\SendSpace
    2012-12-01 15:02 . 2012-12-01 15:03 -------- d-----w- c:\programdata\InstallMate
    2012-12-01 13:45 . 2012-12-16 15:23 -------- d---a-w- C:\Odin307
    2012-11-29 11:23 . 2012-11-29 11:23 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F319D2C6-0B9C-4703-9303-C47732869A53}\gapaengine.dll
    2012-11-25 15:17 . 2012-11-25 15:20 -------- d-----w- c:\program files (x86)\TornTV.com
    2012-11-25 14:59 . 2012-11-25 14:59 -------- d-----w- c:\program files\SAMSUNG
    2012-11-25 14:57 . 2012-12-07 01:18 -------- d-----w- c:\programdata\Samsung
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-15 20:48 . 2012-09-01 01:56 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-10-29 17:09 . 2012-10-29 17:09 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
    2012-10-29 17:09 . 2012-10-29 17:09 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2012-10-29 17:09 . 2012-10-29 17:09 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
    2012-10-29 17:09 . 2012-10-29 17:09 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
    2012-10-29 17:09 . 2012-10-29 17:09 330240 ----a-w- c:\windows\MASetupCaller.dll
    2012-10-29 17:09 . 2012-10-29 17:09 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2012-10-29 17:09 . 2012-10-29 17:09 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
    2012-10-29 17:09 . 2012-10-29 17:09 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
    2012-10-29 17:09 . 2012-10-29 17:09 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
    2012-10-29 17:09 . 2012-10-29 17:09 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
    2012-10-29 17:09 . 2012-10-29 17:09 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
    2012-10-29 17:09 . 2012-10-29 17:09 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
    2012-10-29 17:09 . 2012-10-29 17:09 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
    2012-10-29 17:09 . 2012-10-29 17:09 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
    2012-10-29 17:09 . 2012-10-29 17:09 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
    2012-10-29 17:09 . 2012-10-29 17:09 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
    2012-10-29 17:09 . 2012-10-29 17:09 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
    2012-10-29 17:09 . 2012-10-29 17:09 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
    2012-10-16 08:38 . 2012-12-01 14:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-12-01 14:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-12-01 14:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-13 13:18 . 2012-10-13 13:18 388096 ----a-r- c:\users\Rich Gulden\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-10-09 18:17 . 2012-11-18 13:53 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-18 13:53 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-18 13:53 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-18 13:53 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 16:40 . 2012-12-15 20:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-10-03 17:56 . 2012-11-18 13:53 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-18 13:53 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-18 13:53 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-18 13:53 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-18 13:53 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-18 13:53 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-18 13:53 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-18 13:53 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-18 13:53 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-18 13:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-18 13:53 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-09-30 00:54 . 2012-09-01 13:18 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-29 01:42 . 2012-09-29 01:42 2177704 ----a-w- c:\windows\system32\coin92.dll
    2012-09-28 15:32 . 2012-09-28 15:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-09-28 15:32 . 2012-09-28 15:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-09-27 23:42 . 2012-09-27 23:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-01 39408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1255736]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
    R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 52584]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 02:06]
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 02:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-DefaultTab - c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-25 08:41:31
    ComboFix-quarantined-files.txt 2012-12-25 13:41
    ComboFix2.txt 2012-12-25 13:31
    .
    Pre-Run: 29,246,066,688 bytes free
    Post-Run: 29,074,276,352 bytes free
    .
    - - End Of File - - 27F7F38363BB36C48E27239A0848765B
    ComboFix 12-12-25.02 - Rich Gulden 12/25/2012 8:27.1.4 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.7394 [GMT -5:00]
    Running from: e:\rebuild\Homeoffice2\Desktop\Comp Tools\Cleaners\cwshredder.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\dsgsdgdsgdsgw.pad
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\users\Rich Gulden\AppData\Roaming\Iqaqa
    c:\users\Rich Gulden\AppData\Roaming\Iqaqa\diogz.ivo
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DefaultTabSearch
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files\iPod
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files\iTunes
    2012-12-25 11:57 . 2012-12-25 11:57 -------- d-----w- c:\program files (x86)\iTunes
    2012-12-25 11:55 . 2012-12-25 11:55 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Apple
    2012-12-25 11:55 . 2012-12-25 11:55 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Apple Computer
    2012-12-25 01:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7FE3243-814F-4D20-BCC9-8F35D32916A7}\mpengine.dll
    2012-12-23 17:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-23 13:31 . 2012-12-23 13:31 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Ahead
    2012-12-21 23:37 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 23:37 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 23:37 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 23:37 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-09 13:38 . 2012-12-09 13:38 -------- d-----w- c:\program files (x86)\Common Files\Ahead
    2012-12-09 13:38 . 2012-12-09 13:38 -------- d-----w- c:\programdata\Nero
    2012-12-07 04:18 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2012-12-07 04:18 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2012-12-07 01:32 . 2012-12-07 01:32 -------- d-----w- c:\program files (x86)\MyFree Codec
    2012-12-07 01:29 . 2012-12-07 01:29 -------- d-----w- c:\program files (x86)\MarkAny
    2012-12-07 01:19 . 2012-12-07 01:19 -------- d-----w- c:\users\Rich Gulden\AppData\Local\Samsung
    2012-12-07 01:19 . 2012-12-07 01:29 -------- d-----w- c:\users\Rich Gulden\AppData\Roaming\Samsung
    2012-12-07 01:18 . 2012-10-29 17:10 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2012-12-07 01:18 . 2012-10-29 17:09 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
    2012-12-07 01:17 . 2012-12-07 01:19 -------- d-----w- c:\program files (x86)\Samsung
    2012-12-01 20:29 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files\Common Files\Apple
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files\Bonjour
    2012-12-01 20:29 . 2012-12-01 20:29 -------- d-----w- c:\program files (x86)\Bonjour
    2012-12-01 20:29 . 2012-12-25 11:57 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2012-12-01 15:03 . 2012-12-01 15:03 -------- d-----w- c:\programdata\Premium
    2012-12-01 15:02 . 2012-12-01 15:02 -------- d-----w- c:\users\Rich Gulden\AppData\Roaming\SendSpace
    2012-12-01 15:02 . 2012-12-01 15:03 -------- d-----w- c:\programdata\InstallMate
    2012-12-01 13:45 . 2012-12-16 15:23 -------- d---a-w- C:\Odin307
    2012-11-29 11:23 . 2012-11-29 11:23 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F319D2C6-0B9C-4703-9303-C47732869A53}\gapaengine.dll
    2012-11-25 15:17 . 2012-11-25 15:20 -------- d-----w- c:\program files (x86)\TornTV.com
    2012-11-25 14:59 . 2012-11-25 14:59 -------- d-----w- c:\program files\SAMSUNG
    2012-11-25 14:57 . 2012-12-07 01:18 -------- d-----w- c:\programdata\Samsung
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-15 20:48 . 2012-09-01 01:56 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-10-29 17:09 . 2012-10-29 17:09 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
    2012-10-29 17:09 . 2012-10-29 17:09 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2012-10-29 17:09 . 2012-10-29 17:09 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
    2012-10-29 17:09 . 2012-10-29 17:09 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
    2012-10-29 17:09 . 2012-10-29 17:09 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
    2012-10-29 17:09 . 2012-10-29 17:09 330240 ----a-w- c:\windows\MASetupCaller.dll
    2012-10-29 17:09 . 2012-10-29 17:09 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2012-10-29 17:09 . 2012-10-29 17:09 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
    2012-10-29 17:09 . 2012-10-29 17:09 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
    2012-10-29 17:09 . 2012-10-29 17:09 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
    2012-10-29 17:09 . 2012-10-29 17:09 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
    2012-10-29 17:09 . 2012-10-29 17:09 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
    2012-10-29 17:09 . 2012-10-29 17:09 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
    2012-10-29 17:09 . 2012-10-29 17:09 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
    2012-10-29 17:09 . 2012-10-29 17:09 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
    2012-10-29 17:09 . 2012-10-29 17:09 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
    2012-10-29 17:09 . 2012-10-29 17:09 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
    2012-10-29 17:09 . 2012-10-29 17:09 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
    2012-10-29 17:09 . 2012-10-29 17:09 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
    2012-10-29 17:09 . 2012-10-29 17:09 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
    2012-10-29 17:09 . 2012-10-29 17:09 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
    2012-10-29 17:09 . 2012-10-29 17:09 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
    2012-10-16 08:38 . 2012-12-01 14:23 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-12-01 14:23 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-12-01 14:23 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-13 13:18 . 2012-10-13 13:18 388096 ----a-r- c:\users\Rich Gulden\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-10-09 18:17 . 2012-11-18 13:53 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-18 13:53 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-18 13:53 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-18 13:53 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 16:40 . 2012-12-15 20:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-10-03 17:56 . 2012-11-18 13:53 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-18 13:53 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-18 13:53 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-18 13:53 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-18 13:53 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-18 13:53 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-18 13:53 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-18 13:53 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-18 13:53 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-18 13:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-18 13:53 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-09-30 00:54 . 2012-09-01 13:18 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-29 01:42 . 2012-09-29 01:42 2177704 ----a-w- c:\windows\system32\coin92.dll
    2012-09-28 15:32 . 2012-09-28 15:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-09-28 15:32 . 2012-09-28 15:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-09-27 23:42 . 2012-09-27 23:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-01 39408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-01 1255736]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
    R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
    R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-10 52584]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 02:06]
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 02:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Rich Gulden\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    AddRemove-DefaultTab - c:\users\Rich Gulden\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-25 08:31:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-25 13:31
    .
    Pre-Run: 29,375,438,848 bytes free
    Post-Run: 29,129,822,208 bytes free
    .
    - - End Of File - - 639F6FC23C41C62D67C5B55722F0B2CC
     
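    The `policies\system` block in the ComboFix log above shows `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` all at 0, which means UAC was switched off in that snapshot (the Security Check log later in the thread reports UAC enabled again). A small parser that pulls those values out of a ComboFix "Reg Loading Points" dump and flags weak UAC settings is a handy triage check when reading such logs. The following is an added example, not code from the thread or from ComboFix; the sample input is copied from the log above, and the key-path constant and the threshold logic are the example's own assumptions.

```python
import re
from typing import Dict, List, Union

RegValue = Union[int, str]

# Sample input copied from the ComboFix "Reg Loading Points" block above
# (only the relevant sections; the rest of the log is omitted).
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-01 39408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
"""

# Assumed key path (lower-cased, as ComboFix prints it) holding the UAC policy values.
UAC_POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

SECTION_RE = re.compile(r"^\[(.+)\]$")
# Three value renderings seen in these dumps:
#   "Name"= 0 (0x0)         ComboFix's rendering of a REG_DWORD
#   "Name"=dword:00000001   regedit .reg rendering of a REG_DWORD
#   "Name"="string"         REG_SZ (trailing "[date size]" annotation ignored)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:'
    r'(?P<dec>\d+)\s*\(0x[0-9A-Fa-f]+\)'
    r'|dword:(?P<hex>[0-9A-Fa-f]{8})'
    r'|"(?P<str>.*)"'
    r')'
)


def parse_reg_sections(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Parse a REGEDIT4-style dump into {key path (lower-cased): {value name: value}}.
    DWORDs become ints, strings stay str; '@' defaults and '.' separators are skipped."""
    sections: Dict[str, Dict[str, RegValue]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        if m.group("dec") is not None:
            val: RegValue = int(m.group("dec"))
        elif m.group("hex") is not None:
            val = int(m.group("hex"), 16)
        else:
            val = m.group("str")
        sections[current][m.group("name")] = val
    return sections


def uac_findings(sections: Dict[str, Dict[str, RegValue]]) -> List[str]:
    """Return one line per UAC policy value that weakens elevation protection.
    An empty list means the snapshot shows UAC in a normal state."""
    policy = sections.get(UAC_POLICY_KEY)
    if policy is None:
        # ComboFix omits keys holding only default values, so absence is not a finding.
        return []
    findings = []
    if policy.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is disabled; admin-group processes run fully elevated")
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate with no prompt at all")
    if policy.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not isolated on the secure desktop")
    return findings


if __name__ == "__main__":
    for finding in uac_findings(parse_reg_sections(SAMPLE_LOG)):
        print(finding)
```

    Running it against the snapshot above prints three findings; feeding it a dump where `EnableLUA` is 1 and the prompt behaviours are at their defaults prints nothing, which is the state the later Security Check log reports.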
  9. Pbman

    Pbman Thread Starter

    Joined:
    Sep 5, 2001
    Messages:
    575
    The alert stopped-

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.27.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Rich Gulden :: HOMEOFFICE2 [administrator]

    12/27/2012 9:03:54 AM
    mbam-log-2012-12-27 (09-03-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202653
    Time elapsed: 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Good to hear the alert has stopped, ok run the following:

    Run Eset Online Scanner

    **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

    Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add-on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those two logs, let me know how your system is responding, also if any issues or concerns remain...

    Kevin
     
  11. Pbman

    Pbman Thread Starter

    Joined:
    Sep 5, 2001
    Messages:
    575
    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    ESET ESET Online Scanner OnlineCmdLineScanner.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    Eset found no errors
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, if no issues or alerts do the following:

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Next,

    Remove ESET online scanner (Only If installed):

    • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
    • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted.

    Next,

    • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
    • Double click the icon to start the program.
      If you are using Vista or Windows 7 accept UAC
    • Then click the big button.
    • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself.

    Any tools/logs remaining on the Desktop can be deleted.

    Next,

    Delete the following from your Desktop if still present:

    RogueKiller and its folder RK_Quarantine
    Security Check and any logs.

    Next,

    Adobe Reader is outdated...
    Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

    Step 1 - Select your Operating System.
    Step 2 - Select your Language.
    Step 3 - Select latest version.

    Untick the option for McAfee security scanner if offered.

    Download and install.

    Having the latest updates ensures there are no security vulnerabilities in your system.

    Next,

    Download TFC to your desktop, from either of the following links
    http://oldtimer.geekstogo.com/TFC.exe
    http://itxassociates.com/OT-Tools/TFC.exe
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

    Keep TFC; it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted.

    Let me know if those steps complete OK, also if any remaining issues or concerns...

    Kevin
     
  13. Pbman

    Pbman Thread Starter

    Joined:
    Sep 5, 2001
    Messages:
    575
    Kevin

    Have done all and can't thank you enough!!

    As far as a total cleanup program goes, I use 2-

    Steven Gould's "Cleanup 4.2" , which I found by accident. Also use- ATF Cleaner which I saw here on the Tech Guy site

    Thanks and Have A Great New Year!
    Rich
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Thanks for the feedback Rich,

    Here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained here http://www.winpatrol.com/features.html

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)
    If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    FireFox http://www.mozilla.com/en-US/,

    Opera http://www.opera.com/, and

    Chrome http://www.google.com/chrome.

    All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:
    http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

    Here are a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive up to date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

    Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

    If no remaining issues hit the “Mark Solved” tab at the top of the thread,

    Take care,

    Kevin
     
  15. Pbman

    Pbman Thread Starter

    Joined:
    Sep 5, 2001
    Messages:
    575
    Thanks & Happy New Year!!
     
Short URL to this thread: https://techguy.org/1082317