Go Back   Cyber Tech Help Support Forums > Software > Malware Removal Forum

Notices

Reply
 
Topic Tools
  #1  
Old April 25th, 2013, 10:11 PM
NotAgain! NotAgain! is offline
New Member
 
Join Date: Apr 2013
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 19
Trojans(?) On My Husband's Laptop

My Husband casually made the comment yesterday that his browser is getting redirected again. Yes, I said again.

AVG scan came up with 3 critical problems (2 Trojans and a "message", but it wouldn't show me any details?) that it could not clean. Ran just about every cleaning tool recommended on the AVG FAQ and it hasn't seemed to help, so a friend suggested that I try here.

Downloaded Hijack This and ran as admin. Log is below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:00:56 PM, on 4/25/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Owner\AppData\Roaming\SearchProtect\bin\c ltmng.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox .exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT32...5-B9CBB29A3543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vafmusic Toolbar - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - C:\Program Files (x86)\Vafmusic\prxtbVaf0.dll
O2 - BHO: CrossriderApp0019962 - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Owner\AppData\Roaming\Qwiklinx\Qwiklinx.d ll (file missing)
O2 - BHO: Vafmusic - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - C:\Program Files (x86)\Vafmusic\prxtbVaf0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Cartwheel - {B50DF051-E1D4-439C-B94E-F4DE82B56542} - C:\Users\Owner\AppData\Roaming\Cartwheel\Cartwheel .dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Vafmusic Toolbar - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - C:\Program Files (x86)\Vafmusic\prxtbVaf0.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DigiDo] "C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe" startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
O4 - HKCU\..\Run: [{d39a077a-0fd1-8d59-16d6-4aea672bad8e}] rundll32 "C:\Users\Owner\AppData\Local\ISL Online Cache\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\azknlsmjk.dll",RFCOM_FreeUnusedNow
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SearchProtect] C:\Users\Owner\AppData\Roaming\SearchProtect\bin\c ltmng.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MRI_DISABLED
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...Control_32.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_2994e9b145633086\AESTSr64.e xe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\SysWOW64\brsvc01a.exe
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DTUpdate.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IDEXX Install Service - IDEXX Computer Systems - C:\Program Files (x86)\IDEXX\IDEXX SmartService\csinstallservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Cstone\NMSAccess.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_2994e9b145633086\STacSV64.e xe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UsbClientService - Unknown owner - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14375 bytes


I'd rather get fillings with no Novocain than deal with this stuff.

Thank you in advance for your help.

- NotAgain!
Reply With Quote


  #2  
Old April 26th, 2013, 06:20 AM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,431
Hello, NotAgain!
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


Hijackthis is very outdated, so we need to switch to another diagnostic tool.

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Push the Quick Scan button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Reply With Quote
  #3  
Old April 29th, 2013, 09:33 PM
NotAgain! NotAgain! is offline
New Member
 
Join Date: Apr 2013
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 19
Hi, Tom!

Thank you for your assistance. I apologize for my disappearance; work got crazy.

Apparently the OTL.txt file is too large to post in its entirety. Here isthe first part of the contents of OTL.txt:


OTL logfile created on: 4/29/2013 3:55:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.49% Memory free
5.92 Gb Paging File | 3.82 Gb Available in Paging File | 64.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 136.05 Gb Free Space | 62.35% Space Free | Partition Type: NTFS
Drive D: | 702.83 Mb Total Space | 641.53 Mb Free Space | 91.28% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/29 15:50:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/04/25 14:59:58 | 000,107,520 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DTUpdate.exe
PRC - [2013/04/11 10:28:08 | 002,730,784 | ---- | M] (Conduit) -- C:\Users\Owner\AppData\Roaming\SearchProtect\bin\c ltmng.exe
PRC - [2013/04/11 10:28:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/12 03:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox .exe
PRC - [2013/02/27 22:16:40 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/12/10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/21 22:52:06 | 000,248,704 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2011/10/17 16:01:36 | 001,154,416 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe
PRC - [2011/10/17 16:01:36 | 000,587,120 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
PRC - [2011/10/17 16:01:34 | 007,909,232 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
PRC - [2011/03/25 11:46:22 | 000,071,360 | ---- | M] () -- C:\Cstone\NMSAccess.exe
PRC - [2011/02/16 15:53:42 | 000,171,008 | ---- | M] (IDEXX Computer Systems) -- C:\Program Files (x86)\IDEXX\IDEXX SmartService\csinstallservice.exe
PRC - [2009/08/17 11:29:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/21 15:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2004/06/13 15:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/17 16:01:38 | 000,022,896 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyServicePS.dll
MOD - [2011/10/17 15:51:00 | 001,797,632 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\gateways\NetgearWNDR3400LOC.d ll
MOD - [2011/10/17 15:49:34 | 001,756,160 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\gateways\NetgearWNR3500LOC.dl l
MOD - [2011/10/17 15:45:44 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\DigiDoFlavor.dll
MOD - [2011/08/04 17:28:14 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\imageformats\qjpeg4.dll
MOD - [2010/08/11 21:29:04 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\QtGui4.dll
MOD - [2010/08/11 21:29:02 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\QtXml4.dll
MOD - [2010/08/11 21:29:00 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\QtCore4.dll
MOD - [2010/08/11 21:29:00 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Optimum\DigiDo\QtNetwork4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/14 21:34:36 | 001,024,384 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2012/12/16 07:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/06 23:50:18 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\st wrt64.inf_amd64_neutral_2994e9b145633086\stacsv64. exe -- (STacSV)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\st wrt64.inf_amd64_neutral_2994e9b145633086\AESTSr64. exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/04/25 14:59:58 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/04/22 20:56:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/11 10:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/04/08 05:36:56 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/14 19:02:21 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 22:16:40 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/02/11 03:42:26 | 000,572,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/12/10 12:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/21 22:52:06 | 000,248,704 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2011/10/17 16:01:36 | 000,587,120 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe -- (AffinegyService)
SRV - [2011/03/25 11:46:22 | 000,071,360 | ---- | M] () [Auto | Running] -- C:\Cstone\NMSAccess.exe -- (NMSAccess)
SRV - [2011/02/16 15:53:42 | 000,171,008 | ---- | M] (IDEXX Computer Systems) [Auto | Running] -- C:\Program Files (x86)\IDEXX\IDEXX SmartService\csinstallservice.exe -- (IDEXX Install Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/18 21:49:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/11/06 23:50:18 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_2994e9b145633086\STacSV64.e xe -- (STacSV)
SRV - [2009/08/17 11:29:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_2994e9b145633086\AESTSr64.e xe -- (AESTFilters)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2004/06/13 15:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/27 22:16:40 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/16 07:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 05:36:52 | 000,055,776 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012/06/22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/22 16:38:52 | 000,284,720 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/11/06 23:50:18 | 000,503,296 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2007/04/27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{7D7807B7-DEEC-4286-B9ED-17BFC88C81DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - C:\Program Files (x86)\Vafmusic\prxtbVaf0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {F2BC6207-D69F-496C-B13A-0A95D021998B}
IE - HKLM\..\SearchScopes\{53C39A46-E1B0-4D7D-AEE3-DCAFE1C60EEC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT32...5-B9CBB29A3543
IE - HKCU\..\URLSearchHook: {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - C:\Program Files (x86)\Vafmusic\prxtbVaf0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {F2BC6207-D69F-496C-B13A-0A95D021998B}
IE - HKCU\..\SearchScopes\{C048CAFA-7E10-4DE5-8AA5-894221DDFD1A}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3283894&SearchSource=45&q={sea rchTerms}
IE - HKCU\..\SearchScopes\{F2BC6207-D69F-496C-B13A-0A95D021998B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT3287375&CUI=UN19237275119091251&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3287375.browser.search.defaultthis.eng ineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&CUI=UN2981618482262 8128&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Vafmusic Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=61&CU I=UN29816184822628128&UM=2&UP=SPA3B0E6D3-6152-4D1F-ADC5-B9CBB29A3543"
FF - prefs.js..extensions.enabledAddons: faemiakrli%40faemiakrli.org:3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI= UN29816184822628128&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_60 2_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_60 2_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122 .dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/25 15:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/08 22:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/04/25 15:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions
[2013/04/25 15:00:28 | 000,000,000 | ---D | M] (Vafmusic) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}
[2013/04/25 15:00:09 | 000,000,000 | ---D | M] ("Supreme Savings") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\crossriderapp199 62@crossrider.com
[2013/04/25 14:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\staged
[2013/04/25 15:00:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\crossriderapp199 62@crossrider.com\chrome\content\extensionCode
[1622/05/27 07:06:16 | 000,005,100 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\faemiakrli@faemi akrli.org.xpi
[2013/04/25 14:59:58 | 000,029,604 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\staged\addon@def aulttab.com.xpi
[2013/04/25 15:00:31 | 000,000,993 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\searchplugins\conduit.xml
[2013/04/22 20:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/22 20:56:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/21 15:53:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/21 15:53:26 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnid hooohk\1.23.47_0\crossrider
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnid hooohk\1.23.47_0\

O1 HOSTS File: ([2012/08/23 21:26:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Supreme Savings) - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll (Innovative Apps)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Owner\AppData\Roaming\Qwiklinx\Qwiklinx.d ll File not found
O2 - BHO: (Vafmusic Toolbar) - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - C:\Program Files (x86)\Vafmusic\prxtbVaf0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Cartwheel) - {B50DF051-E1D4-439C-B94E-F4DE82B56542} - C:\Users\Owner\AppData\Roaming\Cartwheel\Cartwheel .dll (Cartwheel, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Vafmusic Toolbar) - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - C:\Program Files (x86)\Vafmusic\prxtbVaf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vafmusic Toolbar) - {6C3BC03F-D7B9-43AC-8931-C242E3CAE971} - C:\Program Files (x86)\Vafmusic\prxtbVaf0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DigiDo] C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [{d39a077a-0fd1-8d59-16d6-4aea672bad8e}] C:\Users\Owner\AppData\Local\ISL Online Cache\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\azknlsmjk.dll (CyberLink)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Owner\AppData\Roaming\SearchProtect\bin\c ltmng.exe (Conduit)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox .exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\MRI_DISABLED [2009/12/03 18:40:56 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://realist2.firstamres.com/mapviewer/mapviewer.cab (First American Res MapActiveX Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...Control_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{E4BB85D9-E1B1-4F34-ADA1-0F6DAB16C678}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/22 22:37:04 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/29 15:54:49 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/04/29 15:54:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/04/25 15:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
[2013/04/25 15:03:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\HiJackThis
[2013/04/25 15:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/04/25 15:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic
[2013/04/25 15:01:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Conduit
[2013/04/25 15:01:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE
[2013/04/25 15:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/04/25 15:00:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Supreme Savings
[2013/04/25 15:00:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SearchProtect
[2013/04/25 15:00:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Updater19962
[2013/04/25 15:00:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\MyPC Backup
[2013/04/25 15:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/04/25 15:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/04/25 15:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Supreme Savings
[2013/04/25 14:59:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DefaultTab
[2013/04/23 14:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/23 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/23 11:59:51 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/04/23 11:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/04/22 22:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2013/04/22 22:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2013/04/22 22:34:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\SpyHunter
[2013/04/22 22:34:13 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/04/22 22:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/04/22 22:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/04/22 22:33:02 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013/04/22 22:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
[2013/04/22 22:32:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Cartwheel
[2013/04/22 22:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2013/04/22 22:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
[2013/04/22 22:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2013/04/22 22:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/04/22 22:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/04/22 22:32:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yahoo!
[2013/04/22 22:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/04/22 22:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013/04/22 22:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013/04/22 20:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/22 20:30:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/22 20:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/22 20:29:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/29 15:52:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/04/29 15:52:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/29 15:50:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/04/29 15:48:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 15:48:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 15:40:45 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/29 15:40:14 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/04/29 15:40:07 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/04/29 15:39:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/29 15:39:25 | 2386,317,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 21:20:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/25 15:03:41 | 000,002,975 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/04/25 15:01:32 | 000,000,009 | ---- | M] () -- C:\END
[2013/04/25 15:00:20 | 000,001,103 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\MyPC Backup.lnk
[2013/04/25 15:00:20 | 000,001,093 | ---- | M] () -- C:\Users\Owner\Desktop\MyPC Backup.lnk
[2013/04/25 15:00:12 | 000,000,258 | RHS- | M] () -- C:\Users\Owner\ntuser.pol
[2013/04/25 14:54:40 | 000,001,494 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/04/23 15:54:10 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/23 14:53:27 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/23 12:14:28 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/23 11:59:51 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/04/23 11:07:15 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2013/04/23 11:07:15 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 Scan.job
[2013/04/22 22:37:04 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/04/22 22:34:14 | 000,002,260 | ---- | M] () -- C:\Users\Owner\Desktop\SpyHunter.lnk
[2013/04/22 22:32:47 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
[2013/04/22 22:32:42 | 000,000,924 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/04/22 22:32:42 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk
[2013/04/22 22:27:25 | 000,000,898 | ---- | M] () -- C:\Users\Owner\Desktop\Sandboxed Web Browser.lnk
[2013/04/22 22:27:25 | 000,000,898 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/25 15:03:41 | 000,002,975 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/04/25 15:00:20 | 000,001,103 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\MyPC Backup.lnk
[2013/04/25 15:00:20 | 000,001,093 | ---- | C] () -- C:\Users\Owner\Desktop\MyPC Backup.lnk
[2013/04/25 15:00:11 | 000,000,258 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2013/04/25 14:59:45 | 000,000,009 | ---- | C] () -- C:\END
[2013/04/23 14:53:27 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/23 12:12:39 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/22 22:42:48 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 Scan.job
[2013/04/22 22:42:43 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2013/04/22 22:42:42 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/04/22 22:37:04 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/04/22 22:36:47 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013/04/22 22:34:14 | 000,002,260 | ---- | C] () -- C:\Users\Owner\Desktop\SpyHunter.lnk
[2013/04/22 22:32:47 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
[2013/04/22 22:32:42 | 000,000,924 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/04/22 22:32:42 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk
[2013/04/22 22:27:59 | 000,000,898 | ---- | C] () -- C:\Users\Owner\Desktop\Sandboxed Web Browser.lnk
[2013/04/22 22:27:59 | 000,000,898 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/04/22 22:27:56 | 000,001,494 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/04/22 20:30:19 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/23 21:55:32 | 000,000,055 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mbam.context.scan
[2012/06/11 15:17:11 | 000,000,076 | ---- | C] () -- C:\Windows\digident.ini
[2010/06/02 14:41:25 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2010/02/27 11:13:32 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2012/08/04 14:41:22 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L
[2012/08/21 22:06:27 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U
[2012/08/21 21:59:19 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L\00000004.@
[2011/11/17 02:41:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\L
[2011/11/17 02:41:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Local\{d39a077a-0fd1-8d59-16d6-4aea672bad8e}\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
Reply With Quote
  #4  
Old April 29th, 2013, 09:35 PM
NotAgain! NotAgain! is offline
New Member
 
Join Date: Apr 2013
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 19
Second Part of OTL.txt

Here is the rest of the OTL.txt file:


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012/10/12 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2012/09/11 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2013
[2013/04/22 22:32:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Cartwheel
[2013/04/25 14:59:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DefaultTab
[2013/04/29 15:41:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2011/02/15 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCDr
[2013/04/25 15:06:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SearchProtect
[2012/09/11 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2010/11/14 21:46:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Turbine
[2011/03/12 19:44:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
Reply With Quote
  #5  
Old April 29th, 2013, 09:36 PM
NotAgain! NotAgain! is offline
New Member
 
Join Date: Apr 2013
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 19
OTL Extras.txt

Here are the contents of the Extras.txt file:


OTL Extras logfile created on: 4/29/2013 3:55:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.49% Memory free
5.92 Gb Paging File | 3.82 Gb Available in Paging File | 64.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 136.05 Gb Free Space | 62.35% Space Free | Partition Type: NTFS
Drive D: | 702.83 Mb Total Space | 641.53 Mb Free Space | 91.28% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C40C6FFE-A33B-4900-ABFE-4B76F2D941FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE02B616-F4F4-4C77-8DB8-AD0172CAC0FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07C7F492-2134-4273-A85B-5437AB0F8738}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{1391745D-3412-4652-92B3-93099E286D7C}" = protocol=6 | dir=in | app=c:\program files (x86)\optimum\digido\digido.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{37F99602-7D39-4A2C-BD5C-80BFF4C98AB3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{571D7EF4-308F-412A-A8B6-415C0D3EC977}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5E1B883D-CB04-44A5-818D-91454A5B4552}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{750B5333-51EF-449D-9CE0-2BF2227168EC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88B4F2E8-3BAA-49AA-BFC4-708EB68D0510}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{92E54C16-423B-446A-A7EF-954268908A96}" = protocol=17 | dir=in | app=c:\program files (x86)\optimum\digido\digido.exe |
"{9CBFF871-7C40-4A09-B487-94B6FE365B8A}" = protocol=6 | dir=in | app=c:\program files (x86)\optimum\digido\digido.exe |
"{A2C885C5-4247-41BE-8F43-1C621D8D2BDC}" = dir=in | app=c:\program files (x86)\optimum\digido\digido.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8D8D5E4-B745-46BB-A458-8B7C0D81AE70}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8A285DA-49E9-4A7C-9869-1D6082C979D1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6AC6DEC-A80B-43A9-BE95-556DBA86C476}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D947DEBD-0B50-45A7-958E-D30F1D028F5B}" = protocol=17 | dir=in | app=c:\program files (x86)\optimum\digido\digido.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9DB9A94-D277-4A52-A04C-EF1B8F234759}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{93263A73-5471-4875-98E8-64446412134B}C:\program files (x86)\microsoft office\office14\outlook.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"UDP Query User{581593B3-EED3-4005-B6A0-C39EBE290A9E}C:\program files (x86)\microsoft office\office14\outlook.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{28DE691E-A3FE-4361-B240-9C7EFA3805DA}" = SpyHunter
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Cornerstone PDF Printer" = Cornerstone PDF Printer
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MyPC Backup" = MyPC Backup
"PC Optimizer Pro" = PC Optimizer Pro
"Sandboxie" = Sandboxie 3.76 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5150n - C5200n Series GDI Driver from OKI® Printing Solutions for Windows
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5301C483-40FB-4F94-B56E-D7D5A114D2F6}" = Garmin City Navigator North America NT v8
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63E29D1A-D6B5-4295-BFAC-967606232411}_is1" = Cartwheel Shopping
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7641CBD8-F4F2-4AC7-B4BC-62E9C1E72A1B}" = IDEXX SmartService
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOKR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.OUTLOOKR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F374A085-64BE-468D-9FA0-19F3B46514FA}" = Cornerstone
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
"7-zip" = 7-zip v9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AVS Audio Converter_is1" = AVS Audio Converter 7
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"DefaultTab" = DefaultTab
"Dell Webcam Central" = Dell Webcam Central
"Diablo III" = Diablo III
"DigiDo_is1" = DigiDo
"DomaIQ Uninstaller" = DomaIQ
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"SearchProtect" = Search Protect by conduit
"Supreme Savings" = Supreme Savings
"Synology Assistant" = Synology Assistant (remove only)
"Vafmusic Toolbar" = Vafmusic Toolbar
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2013 3:11:31 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 4/23/2013 3:11:38 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 4/23/2013 3:11:38 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 4/23/2013 3:11:38 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 4/23/2013 3:11:38 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 4/23/2013 3:30:54 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program Spyhunter4.exe version 4.12.13.4202 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 720 Start
Time: 01ce405625dc846c Termination Time: 15 Application Path: C:\Program Files\Enigma
Software Group\SpyHunter\Spyhunter4.exe Report Id: 4e192d5d-ac4c-11e2-b62e-002564742c4f


Error - 4/25/2013 3:01:09 PM | Computer Name = Owner-PC | Source = CltMngSvc | ID = 1000
Description =

Error - 4/25/2013 3:01:26 PM | Computer Name = Owner-PC | Source = CltMngSvc | ID = 1000
Description =

Error - 4/25/2013 3:23:33 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Exception code: 0xc0000005 Fault offset: 0x00002c60 Faulting
process id: 0xeec Faulting application start time: 0x01ce41ea55de3d6c Faulting application
path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Faulting module path:
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Report Id: 9e3d3145-addd-11e2-a8a2-002564742c4f

Error - 4/29/2013 3:41:23 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x511246e7 Exception code: 0xc0000005 Fault offset: 0x00002c60 Faulting
process id: 0xc0c Faulting application start time: 0x01ce45117d73f927 Faulting application
path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Faulting module path:
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Report Id: c5a4b85d-b104-11e2-b2ff-002564742c4f

[ System Events ]
Error - 4/23/2013 3:11:38 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 4/23/2013 8:23:06 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 4/25/2013 3:00:11 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
Description = The DefaultTabSearch service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 4/25/2013 3:23:14 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 4/25/2013 3:23:14 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 4/25/2013 3:23:54 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/25/2013 9:21:03 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 4/29/2013 3:40:56 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 4/29/2013 3:40:56 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 4/29/2013 3:41:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
Reply With Quote
  #6  
Old April 29th, 2013, 09:39 PM
NotAgain! NotAgain! is offline
New Member
 
Join Date: Apr 2013
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 19
aswMBR.txt

Tom -

Below is the aswMRB log:


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-29 16:16:18
-----------------------------
16:16:18.424 OS Version: Windows x64 6.1.7601 Service Pack 1
16:16:18.424 Number of processors: 2 586 0x170A
16:16:18.424 ComputerName: OWNER-PC UserName: Owner
16:16:19.656 Initialize success
16:17:25.586 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:17:25.586 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
16:17:25.695 Disk 0 MBR read successfully
16:17:25.711 Disk 0 MBR scan
16:17:25.711 Disk 0 Windows VISTA default MBR code
16:17:25.711 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:17:25.726 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
16:17:25.742 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30801920
16:17:25.757 Disk 0 scanning C:\Windows\system32\drivers
16:17:33.199 Service scanning
16:17:52.621 Modules scanning
16:17:52.621 Disk 0 trace - called modules:
16:17:52.683 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:17:52.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032ef060]
16:17:52.699 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e66050]
16:17:52.714 Scan finished successfully
16:20:57.577 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
16:20:57.592 The log file has been saved successfully to "C:\Users\Owner\Desktop\042913-aswMBR.txt"
Reply With Quote
  #7  
Old April 30th, 2013, 06:06 AM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,431
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
Reply With Quote
  #8  
Old May 1st, 2013, 03:55 AM
NotAgain! NotAgain! is offline
New Member
 
Join Date: Apr 2013
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 19
TDSSKiller returns "No threats found". I also ran it as administrator, just in case that might make a difference.
Reply With Quote
  #9  
Old May 1st, 2013, 10:19 AM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,431
Next, download ComboFix Save to the Desktop
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
Reply With Quote
  #10  
Old May 2nd, 2013, 02:04 AM
NotAgain! NotAgain! is offline
New Member
 
Join Date: Apr 2013
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 19
Hi, Tom -

ComboFix log...

ComboFix 13-05-01.03 - Owner 05/01/2013 20:28:44.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3034.1705 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\addon.ico
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\amazon_ie.ico
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabBHO.cfg
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabBHO.dll
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabStart.exe
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabStart64.exe
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabUninstaller.exe
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabWrap.dll
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabWrap64.dll
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DT.ico
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DTUpdate.exe
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\ebay_ie.ico
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\facebook_ie.ico
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\search_ie.ico
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\searchhere.ico
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\twitter_ie.ico
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\uninstalldt.exe
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\wikipedia_ie.ico
c:\users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
c:\windows\TEMP\jniwrapper-3.8.2.Build.3.8.2\jniwrap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabSearch
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-04-02 to 2013-05-02 )))))))))))))))))))))))))))))))
.
.
2013-05-02 00:37 . 2013-05-02 00:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-02 00:37 . 2013-05-02 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-25 19:04 . 2013-04-25 19:04 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-04-25 19:03 . 2013-04-25 19:03 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer \{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-25 19:01 . 2013-04-25 19:01 -------- d-----w- c:\program files (x86)\Conduit
2013-04-25 19:01 . 2013-04-25 19:02 -------- d-----w- c:\program files (x86)\Vafmusic
2013-04-25 19:01 . 2013-04-25 19:01 -------- d-----w- c:\users\Owner\AppData\Local\Conduit
2013-04-25 19:01 . 2013-04-25 19:01 -------- d-----w- c:\users\Owner\AppData\Local\CRE
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\program files (x86)\SearchProtect
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\users\Owner\AppData\Local\Supreme Savings
2013-04-25 19:00 . 2013-04-25 19:06 -------- d-----w- c:\users\Owner\AppData\Roaming\SearchProtect
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\users\Owner\AppData\Local\Updater19962
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\program files (x86)\DefaultTab
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\program files (x86)\Supreme Savings
2013-04-25 18:59 . 2013-05-02 00:36 -------- d-----w- c:\users\Owner\AppData\Roaming\DefaultTab
2013-04-23 18:53 . 2013-04-23 18:53 -------- d-----w- c:\program files\CCleaner
2013-04-23 16:12 . 2013-04-23 16:14 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-23 15:59 . 2013-04-23 15:59 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-04-23 15:52 . 2013-04-23 16:00 -------- d-----w- c:\programdata\HitmanPro
2013-04-23 02:42 . 2013-04-23 02:42 -------- d-----w- c:\programdata\PC Optimizer Pro
2013-04-23 02:36 . 2012-06-22 15:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-04-23 02:34 . 2013-04-23 02:34 -------- d-----w- c:\programdata\W3i
2013-04-23 02:34 . 2013-04-23 02:34 110080 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer \{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconF7A21AF7.exe
2013-04-23 02:34 . 2013-04-23 02:34 110080 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer \{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconD7F16134.exe
2013-04-23 02:34 . 2013-04-23 02:34 110080 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer \{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\Icon1226A4C5.exe
2013-04-23 02:34 . 2013-04-23 02:36 -------- d-----w- C:\sh4ldr
2013-04-23 02:34 . 2013-04-23 02:34 -------- d-----w- c:\program files\Enigma Software Group
2013-04-23 02:33 . 2013-04-23 02:36 -------- d-----w- c:\windows\28DE691EA3FE4361B2409C7EFA3805DA.TMP
2013-04-23 02:33 . 2013-04-23 02:33 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-04-23 02:33 . 2013-04-23 02:33 -------- d-----r- C:\Sandbox
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Cartwheel
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\program files (x86)\7-zip
2013-04-23 02:32 . 2013-04-23 02:42 -------- d-----w- c:\program files\PC Optimizer Pro
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\programdata\Yahoo!
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\programdata\Yahoo! Companion
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Yahoo!
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\program files (x86)\Yahoo!
2013-04-23 02:27 . 2013-04-23 02:27 -------- d-----w- c:\program files\Sandboxie
2013-04-23 00:30 . 2013-04-23 19:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-23 00:30 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-23 00:29 . 2013-04-23 00:29 -------- d-----w- c:\users\Owner\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2013-03-14 23:02 . 2012-03-29 18:18 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 23:02 . 2011-06-04 00:12 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 02:16 . 2012-09-12 03:00 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-27 01:19 . 2013-02-27 01:19 4126720 ----a-w- c:\program files (x86)\GUT8D7.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c3bc03f-d7b9-43ac-8931-c242e3cae971}"= "c:\program files (x86)\Vafmusic\prxtbVaf0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110111991162}]
2013-04-25 19:00 748424 ----a-w- c:\program files (x86)\Supreme Savings\Supreme Savings.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}]
2013-04-14 12:35 231712 ----a-w- c:\program files (x86)\Vafmusic\prxtbVaf0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B50DF051-E1D4-439C-B94E-F4DE82B56542}]
2013-04-04 16:22 232384 ----a-w- c:\users\Owner\AppData\Roaming\Cartwheel\Cartwheel .dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\Toolbar]
"{6c3bc03f-d7b9-43ac-8931-c242e3cae971}"= "c:\program files (x86)\Vafmusic\prxtbVaf0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
"SearchProtect"="c:\users\Owner\AppData\Roaming\Se archProtect\bin\cltmng.exe" [2013-04-11 2730784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DigiDo"="c:\program files (x86)\Optimum\DigiDo\TrayApp.exe" [2011-10-17 1154416]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox .exe [2013-3-12 29106336]
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-4-8 1913896]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\MRI_DISABLED
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-19 03:46 494064 ----a-w- c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ------w- c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe [2013-04-08 32808]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984]
R3 00390686;00390686; [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\ EsgScanner.sys [2012-06-22 22704]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-05-08 215552]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgi dsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHl pa64.sys [2009-07-09 55280]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIV ERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.s ys [2013-02-28 39768]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileReposi tory\stwrt64.inf_amd64_neutral_2994e9b145633086\AE STSr64.exe [2009-03-03 89600]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 IDEXX Install Service;IDEXX Install Service;c:\program files (x86)\IDEXX\IDEXX SmartService\csinstallservice.exe [2011-02-16 171008]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\ Sentinel64.sys [2007-04-27 142120]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [2012-10-22 248704]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\pro gram files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-28 968880]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2012-08-03 55776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 00:52 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Insta ller\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-03-29 23:02]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 21:35]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 21:35]
.
2013-04-23 c:\windows\Tasks\PC Optimizer Pro Updates.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-03-05 06:56]
.
2013-04-23 c:\windows\Tasks\PC Optimizer Pro64 Scan.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-03-05 06:56]
.
2013-05-02 c:\windows\Tasks\PC Optimizer Pro64 startups.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-03-05 06:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2010-08-26 415256]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-07 487424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=61&CU I=UN19237275119091251&UM=2&UP=SPA3B0E6D3-6152-4D1F-ADC5-B9CBB29A3543
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&CUI=UN2981618482262 8128&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Vafmusic Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=61&CU I=UN29816184822628128&UM=2&UP=SPA3B0E6D3-6152-4D1F-ADC5-B9CBB29A3543
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI= UN29816184822628128&UM=2&q=
FF - ExtSQL: 2013-04-25 15:00; crossriderapp19962@crossrider.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\crossriderapp199 62@crossrider.com
FF - ExtSQL: 2013-04-25 15:00; {6c3bc03f-d7b9-43ac-8931-c242e3cae971}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}
FF - ExtSQL: 2013-04-30 22:39; addon@defaulttab.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\addon@defaulttab .com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\users\Owner\AppData\Roaming\Qwiklinx\Qwiklinx.d ll
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
WebBrowser-{6C3BC03F-D7B9-43AC-8931-C242E3CAE971} - (no file)
AddRemove-DefaultTab - c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\uninstalldt.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\Optimum\DigiDo\AffinegyService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\cstone\NMSAccess.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
************************************************** ************************
.
Completion time: 2013-05-01 20:48:28 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-02 00:48
.
Pre-Run: 145,459,503,104 bytes free
Post-Run: 145,102,700,544 bytes free
.
- - End Of File - - AA9FFE3CDD7171A61A790F1432312711
Reply With Quote
  #11  
Old May 2nd, 2013, 06:45 AM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,431
Hi,

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
File::
c:\users\Owner\AppData\Roaming\Microsoft\Installer\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconF7A21AF7.exe
c:\users\Owner\AppData\Roaming\Microsoft\Installer\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconD7F16134.exe
c:\users\Owner\AppData\Roaming\Microsoft\Installer\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\Icon1226A4C5.exe
Save this as "CFScript"

(include the "quotation marks" with the name)



Referring to the picture above, drag CFScript.txt into ComboFix.exe

ComboFix will now run as it did before. When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.




Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.




[img=http://imageshack.us/a/img841/7292/thisisujrt.gif] Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.[/*]
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".[/*]
  • The tool will open and start scanning your system.[/*]
  • Please be patient as this can take a while to complete depending on your system's specifications.[/*]
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.[/*]
  • Post the contents of JRT.txt into your next message.[/*]



Also please post back with a fresh OTL logfile.
Reply With Quote
  #12  
Old May 4th, 2013, 02:37 AM
NotAgain! NotAgain! is offline
New Member
 
Join Date: Apr 2013
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 19
New ComboFix log and issues...

Hi, Tom -

Ran ComboFix as you directed, but now cannot download anything else. IE, Firefox and Outlook throwing similar error messages:
C:\Program Files (x86)\Internet Explorer\iexplore.exe

Illegal operation attempted on a registry key that has been marked for deletion.
Unfortunately, I think AVG restarted before ComboFix was done, plus "PC Optimizer Pro" opens on startup. I did not uninstall it as you said not to make changes once we started.

Here is the log from the ComboFix:


ComboFix 13-05-01.03 - Owner 05/02/2013 22:58:42.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3034.1053 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Owner\AppData\Roaming\Microsoft\Installe r\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\Icon1226A4C5.exe"
"c:\users\Owner\AppData\Roaming\Microsoft\Installe r\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconD7F16134.exe"
"c:\users\Owner\AppData\Roaming\Microsoft\Installe r\{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconF7A21AF7.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Temp\AFF1.tmp\F_IN_BO X.dll
c:\users\Owner\AppData\Roaming\Microsoft\Installer \{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\Icon1226A4C5.exe
c:\users\Owner\AppData\Roaming\Microsoft\Installer \{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconD7F16134.exe
c:\users\Owner\AppData\Roaming\Microsoft\Installer \{28DE691E-A3FE-4361-B240-9C7EFA3805DA}\IconF7A21AF7.exe
c:\windows\TEMP\jniwrapper-3.8.2.Build.3.8.2\jniwrap.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-03 03:17 . 2013-05-03 03:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-03 03:17 . 2013-05-03 03:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-25 19:04 . 2013-04-25 19:04 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-04-25 19:03 . 2013-04-25 19:03 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer \{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-25 19:01 . 2013-04-25 19:01 -------- d-----w- c:\program files (x86)\Conduit
2013-04-25 19:01 . 2013-04-25 19:02 -------- d-----w- c:\program files (x86)\Vafmusic
2013-04-25 19:01 . 2013-04-25 19:01 -------- d-----w- c:\users\Owner\AppData\Local\Conduit
2013-04-25 19:01 . 2013-04-25 19:01 -------- d-----w- c:\users\Owner\AppData\Local\CRE
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\program files (x86)\SearchProtect
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\users\Owner\AppData\Local\Supreme Savings
2013-04-25 19:00 . 2013-04-25 19:06 -------- d-----w- c:\users\Owner\AppData\Roaming\SearchProtect
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\users\Owner\AppData\Local\Updater19962
2013-04-25 19:00 . 2013-05-03 03:20 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\program files (x86)\DefaultTab
2013-04-25 19:00 . 2013-04-25 19:00 -------- d-----w- c:\program files (x86)\Supreme Savings
2013-04-25 18:59 . 2013-05-02 00:36 -------- d-----w- c:\users\Owner\AppData\Roaming\DefaultTab
2013-04-23 18:53 . 2013-04-23 18:53 -------- d-----w- c:\program files\CCleaner
2013-04-23 16:12 . 2013-04-23 16:14 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-04-23 15:59 . 2013-04-23 15:59 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-04-23 15:52 . 2013-04-23 16:00 -------- d-----w- c:\programdata\HitmanPro
2013-04-23 02:42 . 2013-04-23 02:42 -------- d-----w- c:\programdata\PC Optimizer Pro
2013-04-23 02:36 . 2012-06-22 15:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-04-23 02:34 . 2013-04-23 02:34 -------- d-----w- c:\programdata\W3i
2013-04-23 02:34 . 2013-04-23 02:36 -------- d-----w- C:\sh4ldr
2013-04-23 02:34 . 2013-04-23 02:34 -------- d-----w- c:\program files\Enigma Software Group
2013-04-23 02:33 . 2013-04-23 02:36 -------- d-----w- c:\windows\28DE691EA3FE4361B2409C7EFA3805DA.TMP
2013-04-23 02:33 . 2013-04-23 02:33 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-04-23 02:33 . 2013-04-23 02:33 -------- d-----r- C:\Sandbox
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Cartwheel
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\program files (x86)\7-zip
2013-04-23 02:32 . 2013-04-23 02:42 -------- d-----w- c:\program files\PC Optimizer Pro
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\programdata\Yahoo!
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\programdata\Yahoo! Companion
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Yahoo!
2013-04-23 02:32 . 2013-04-23 02:32 -------- d-----w- c:\program files (x86)\Yahoo!
2013-04-23 02:27 . 2013-04-23 02:27 -------- d-----w- c:\program files\Sandboxie
2013-04-23 00:30 . 2013-04-23 19:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-23 00:30 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-23 00:29 . 2013-04-23 00:29 -------- d-----w- c:\users\Owner\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2013-03-14 23:02 . 2012-03-29 18:18 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 23:02 . 2011-06-04 00:12 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 02:16 . 2012-09-12 03:00 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-27 01:19 . 2013-02-27 01:19 4126720 ----a-w- c:\program files (x86)\GUT8D7.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6c3bc03f-d7b9-43ac-8931-c242e3cae971}"= "c:\program files (x86)\Vafmusic\prxtbVaf0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110111991162}]
2013-04-25 19:00 748424 ----a-w- c:\program files (x86)\Supreme Savings\Supreme Savings.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}]
c:\users\Owner\AppData\Roaming\Qwiklinx\Qwiklinx.d ll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}]
2013-04-14 12:35 231712 ----a-w- c:\program files (x86)\Vafmusic\prxtbVaf0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\DefaultTabBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B50DF051-E1D4-439C-B94E-F4DE82B56542}]
2013-04-04 16:22 232384 ----a-w- c:\users\Owner\AppData\Roaming\Cartwheel\Cartwheel .dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\Toolbar]
"{6c3bc03f-d7b9-43ac-8931-c242e3cae971}"= "c:\program files (x86)\Vafmusic\prxtbVaf0.dll" [2013-04-14 231712]
.
[HKEY_CLASSES_ROOT\clsid\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
"SearchProtect"="c:\users\Owner\AppData\Roaming\Se archProtect\bin\cltmng.exe" [2013-04-11 2730784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DigiDo"="c:\program files (x86)\Optimum\DigiDo\TrayApp.exe" [2011-10-17 1154416]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox .exe [2013-3-12 29106336]
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-4-8 1913896]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\MRI_DISABLED
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-19 03:46 494064 ----a-w- c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ------w- c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe [2013-04-08 32808]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 00390686;00390686; [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\ EsgScanner.sys [2012-06-22 22704]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-05-08 215552]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgi dsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHl pa64.sys [2009-07-09 55280]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIV ERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.s ys [2013-02-28 39768]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileReposi tory\stwrt64.inf_amd64_neutral_2994e9b145633086\AE STSr64.exe [2009-03-03 89600]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 IDEXX Install Service;IDEXX Install Service;c:\program files (x86)\IDEXX\IDEXX SmartService\csinstallservice.exe [2011-02-16 171008]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\ Sentinel64.sys [2007-04-27 142120]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [2012-10-22 248704]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\pro gram files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-28 968880]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2012-08-03 55776]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 00:52 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Insta ller\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-03-29 23:02]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 21:35]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 21:35]
.
2013-04-23 c:\windows\Tasks\PC Optimizer Pro Updates.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-03-05 06:56]
.
2013-04-23 c:\windows\Tasks\PC Optimizer Pro64 Scan.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-03-05 06:56]
.
2013-05-03 c:\windows\Tasks\PC Optimizer Pro64 startups.job
- c:\program files\PC Optimizer Pro\StartApps.exe [2013-03-05 06:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox Ext64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2010-08-26 415256]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-25 369152]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-07 487424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=61&CU I=UN19237275119091251&UM=2&UP=SPA3B0E6D3-6152-4D1F-ADC5-B9CBB29A3543
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&CUI=UN2981618482262 8128&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Vafmusic Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=61&CU I=UN29816184822628128&UM=2&UP=SPA3B0E6D3-6152-4D1F-ADC5-B9CBB29A3543
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI= UN29816184822628128&UM=2&q=
FF - ExtSQL: 2013-04-25 15:00; crossriderapp19962@crossrider.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\crossriderapp199 62@crossrider.com
FF - ExtSQL: 2013-04-25 15:00; {6c3bc03f-d7b9-43ac-8931-c242e3cae971}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}
FF - ExtSQL: 2013-04-30 22:39; addon@defaulttab.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Pro files\osc1n9s0.default\extensions\addon@defaulttab .com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
WebBrowser-{6C3BC03F-D7B9-43AC-8931-C242E3CAE971} - (no file)
AddRemove-DefaultTab - c:\users\Owner\AppData\Roaming\DefaultTab\DefaultT ab\uninstalldt.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\Optimum\DigiDo\AffinegyService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\cstone\NMSAccess.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
************************************************** ************************
.
Completion time: 2013-05-02 23:52:46 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-03 03:52
ComboFix2.txt 2013-05-02 00:48
.
Pre-Run: 141,894,275,072 bytes free
Post-Run: 141,553,778,688 bytes free
.
- - End Of File - - 920A77F6AAEBFF10013A606FED54636C
Reply With Quote
  #13  
Old May 4th, 2013, 06:34 PM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,431
Just reboot, that will fix the problem, then please follow the rest of the instruction. You can uninstall the program before continuing the instructions.
Reply With Quote
  #14  
Old May 6th, 2013, 01:17 AM
NotAgain! NotAgain! is offline
New Member
 
Join Date: Apr 2013
O/S: Windows 7 64-bit
Location: New Jersey
Posts: 19
Should I reboot even if it means that MS is going to install updates? I have been putting the machine into hibernation mode to avoid the updates.
Reply With Quote
  #15  
Old May 6th, 2013, 05:56 AM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,431
If it will install updates, just let it do. The reboot will fix the "cannot open anything" problem after running combofix.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 11:10 AM.