Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus - Only sign is Cant create New Folder

Started by SJ Danny , Apr 30 2013 09:34 PM

Please log in to reply

#1
SJ Danny

Posted 30 April 2013 - 09:34 PM

Member

Member
86 posts

So the other week I had gotten a virus, I only noticed it when I couldnt create any new folders. I couldnt right click and create a new folder. I couldnt create one when clicking new folder button in any actual folder.

I was somehow able to get rid of it. I honestly dont know how. I was moving my main files over to get ready to re-format my entire PC, when it was able to work again.

Now My Dad has it on his PC, Im not 100% sure what to do. I've tried the same thing I did on my PC but with no luck. I've used Malwarebytes.

Virus:
- Won't let you create any new Folders.
- Slows Down the PC or completely Stalls it.

I don't remember if you guys allow hijackthis files but I really need to get his PC back up for his Business.

Thank You.

My Dad also just told me that he could never open up Firefox, I had to do this through Safemode, and When I opened up Firefox there were 3 Ad-Ons that were obvious spam Ad-Ons. Also there was a good amount of porgrams I deleted that were things like Search Engines, and Coupon Programs. He said he never downloaded them.

OTL logfile created on: 4/30/2013 9:54:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Number1\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 83.45% Memory free
15.92 Gb Paging File | 14.65 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.90 Gb Total Space | 854.10 Gb Free Space | 93.56% Space Free | Partition Type: NTFS
Drive Z: | 1838.60 Gb Total Space | 1741.21 Gb Free Space | 94.70% Space Free | Partition Type: NTFS

Computer Name: NUMBER1-PC | User Name: Number1 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/30 21:53:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Number1\Downloads\OTL.exe
PRC - [2013/04/12 08:05:41 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/15 13:52:44 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

========== Modules (No Company Name) ==========

MOD - [2013/04/12 08:05:41 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/03/15 13:52:44 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Services (SafeList) ==========

SRV:64bit: - [2012/01/10 20:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/10/26 12:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/12 08:05:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/11 07:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/03/15 14:35:29 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/11 14:03:22 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/12/22 23:53:46 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/12/22 23:53:14 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/12/22 23:52:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe -- (QuickBooksDB23)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/09 23:33:28 | 000,166,912 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012/03/28 16:56:20 | 000,077,824 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/03/08 18:47:18 | 000,159,360 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/03/08 18:25:30 | 000,107,648 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/02/16 10:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/21 09:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/21 09:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/21 01:02:26 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2013/02/21 01:02:24 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2013/02/21 01:02:22 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2013/02/21 01:02:22 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2013/02/21 01:02:15 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/02/21 01:02:13 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/02/21 01:02:13 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/20 23:25:00 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/20 23:25:00 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/20 23:25:00 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/22 10:21:36 | 002,808,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/08 18:36:36 | 000,551,552 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/03/08 18:35:42 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/03/08 18:35:24 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/03/08 18:34:42 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/03/08 18:34:24 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/03/08 18:34:06 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/03/08 18:33:48 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/03/08 18:33:30 | 000,340,096 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/12/06 04:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/24 00:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/10/26 13:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 11:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/18 03:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/11/20 20:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 03:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E276CB19-3307-4AA8-BD30-71CEBEEB6333}
IE:64bit: - HKLM\..\SearchScopes\{E276CB19-3307-4AA8-BD30-71CEBEEB6333}: "URL" = http://www.bing.com/...IE9TR&pc=MDDSJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {DB080ED8-D0FD-4959-A4CA-6BE4C1CCC900}
IE - HKLM\..\SearchScopes\{E276CB19-3307-4AA8-BD30-71CEBEEB6333}: "URL" = http://www.bing.com/...IE9TR&pc=MDDSJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...12-BEB6D558AE4A
IE - HKCU\..\SearchScopes,DefaultScope = {DB080ED8-D0FD-4959-A4CA-6BE4C1CCC900}
IE - HKCU\..\SearchScopes\{D14410A6-661A-48F8-A6DE-ED4109B6C3D8}: "URL" = http://searchou.com/...11c9bcfbc&r=177
IE - HKCU\..\SearchScopes\{DB080ED8-D0FD-4959-A4CA-6BE4C1CCC900}: "URL" = http://search.condui...0152472627&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V47 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search The Web (privitize)"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "MixiDJ V47 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "Google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://search.condui...877169&UM=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/03/11 13:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/25 13:29:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/26 14:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Number1\AppData\Roaming\Mozilla\Extensions
[2013/04/30 21:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\615q579v.default\extensions
[2013/04/30 21:52:15 | 000,001,094 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\615q579v.default\searchplugins\mixidj-v47-customized-web-search.xml
[2013/04/23 13:18:15 | 000,001,378 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\615q579v.default\searchplugins\privitize.xml
[2013/04/12 08:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/12 08:05:41 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/15 17:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/15 17:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihgnjjefcolnangbmnbboccfmjppnlnk\1\
CHR - Extension: No name found = C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (privitize Helper Object) - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll (Industriya LLC)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [QuickBooksDB23] C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe (Intuit, Inc.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Number1\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Number1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Number1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06BE038-A07D-45E1-9F29-121DD5BAA6A2}: DhcpNameServer = 192.168.1.2 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/18 09:44:13 | 000,000,000 | ---D | M] - Z:\AutoCAD -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/30 20:25:10 | 000,000,000 | R--D | C] -- C:\Users\Number1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/04/30 19:48:31 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Roaming\Malwarebytes
[2013/04/30 19:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/30 19:47:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/30 19:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/30 19:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/25 13:48:59 | 000,000,000 | ---D | C] -- C:\Users\Number1\.thumbnails
[2013/04/25 13:47:05 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Roaming\gtk-2.0
[2013/04/25 13:31:55 | 000,000,000 | ---D | C] -- C:\Users\Number1\Documents\gegl-0.0
[2013/04/25 13:31:55 | 000,000,000 | ---D | C] -- C:\Users\Number1\.gimp-2.6
[2013/04/25 13:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/04/25 13:29:47 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Local\Conduit
[2013/04/25 13:29:38 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Roaming\Strongvault
[2013/04/25 13:29:28 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Local\CRE
[2013/04/25 13:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/04/25 13:28:54 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Roaming\SearchProtect
[2013/04/25 13:28:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/04/25 13:28:36 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Local\Lucky Savings
[2013/04/25 13:28:23 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/04/25 10:58:51 | 000,000,000 | R--D | C] -- C:\Users\Number1\Dropbox
[2013/04/23 13:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/04/23 13:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MageNoiPPiico
[2013/04/23 13:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/23 13:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Industriya
[2013/04/23 13:18:13 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Roaming\Industriya
[2013/04/23 09:35:10 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Local\Deployment
[2013/04/23 09:35:10 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Local\Apps
[2013/04/23 09:35:04 | 000,000,000 | ---D | C] -- C:\Users\Number1\Documents\Outlook Files
[2013/04/12 08:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/11 13:58:19 | 000,000,000 | ---D | C] -- C:\Users\Number1\AppData\Roaming\Nuance
[2013/04/11 13:58:19 | 000,000,000 | ---D | C] -- C:\Users\Number1\Documents\Intuit

========== Files - Modified Within 30 Days ==========

[2013/04/30 21:51:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/30 21:51:11 | 2116,767,743 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/30 20:32:37 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/30 20:32:37 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/30 20:25:15 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/04/30 20:25:10 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013/04/30 20:25:09 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/30 20:25:01 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013/04/30 19:51:30 | 000,798,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/30 19:51:30 | 000,674,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/30 19:51:30 | 000,125,738 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/30 19:40:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/30 17:46:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/25 14:45:48 | 000,001,057 | ---- | M] () -- C:\Users\Number1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/25 13:50:21 | 000,001,459 | ---- | M] () -- C:\Users\Number1\.recently-used.xbel
[2013/04/25 13:30:04 | 000,000,009 | ---- | M] () -- C:\END
[2013/04/11 03:18:46 | 000,422,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/04/25 13:50:21 | 000,001,459 | ---- | C] () -- C:\Users\Number1\.recently-used.xbel
[2013/04/25 13:28:22 | 000,000,009 | ---- | C] () -- C:\END
[2013/03/11 13:30:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2013/03/07 15:52:17 | 000,000,257 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/03/07 15:52:17 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/03/07 15:52:02 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/03/07 15:52:02 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013/03/07 15:51:51 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2013/03/07 15:51:50 | 000,000,098 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/03/07 15:51:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013/03/06 13:41:54 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/02/21 01:08:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/02/21 00:35:12 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/02/21 00:35:12 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/21 00:35:10 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/01/10 19:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/10/25 20:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 20:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/21 01:02:15 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/21 01:02:15 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/18 14:03:08 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Broderbund Software
[2013/04/30 20:26:54 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Dropbox
[2013/04/25 13:50:21 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\gtk-2.0
[2013/04/23 13:18:13 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Industriya
[2013/04/11 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Nuance
[2013/03/11 13:16:43 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\RoboForm
[2013/04/25 13:33:56 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\SearchProtect
[2013/04/25 13:35:56 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Strongvault
[2013/03/11 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Number1\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

Edited by admin, 01 May 2013 - 06:49 AM.
merged posts and moved

#2
RKinner

Posted 01 May 2013 - 10:32 PM

Malware Expert

Expert
24,625 posts

Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Download the adwCleaner

Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the option
Select the Delete button.
When the scan completes, it will open a notepad windows.
Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(Does this complain that it could not fix all of your files?)

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron

#3
SJ Danny

Posted 02 May 2013 - 01:04 AM

Member

Topic Starter
Member
86 posts

Ok so I did a few things while I was waiting for a reply.

I ran Malwarebytes, 3 quick scans, 3 Full Scans, and 3 Flash Scans.
I was still having the issue so I did in Safe Mode a System Restore all the way back to March 30th. I did gain control of creating a new folder again, but still was having lag stall issues. I dont know if the System Restore I did will make a difference on the OTL Log.
1 More thing I did not completly do all the instructions you gave me, I stopped at "sfc /scannow"
It seems to be running better now. Now I can open up Firefox or any other program without any issues.

Here are the Logs:
-------------------------------------------------------------------------------------------------------
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-01 23:18:38
-----------------------------
23:18:38.124 OS Version: Windows x64 6.1.7601 Service Pack 1
23:18:38.124 Number of processors: 8 586 0x3A09
23:18:38.124 ComputerName: NUMBER1-PC UserName: Number1
23:18:38.795 Initialize success
23:21:53.093 AVAST engine defs: 13050101
23:22:26.977 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:22:26.992 Disk 0 Vendor: ST1000DM CC44 Size: 953869MB BusType: 3
23:22:27.086 Disk 0 MBR read successfully
23:22:27.086 Disk 0 MBR scan
23:22:27.086 Disk 0 Windows VISTA default MBR code
23:22:27.086 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
23:22:27.101 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19016 MB offset 81920
23:22:27.101 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 934812 MB offset 39026688
23:22:27.133 Disk 0 scanning C:\Windows\system32\drivers
23:22:34.387 Service scanning
23:22:48.146 Modules scanning
23:22:49.019 AVAST engine scan C:\Windows
23:22:50.923 AVAST engine scan C:\Windows\system32
23:24:34.086 AVAST engine scan C:\Windows\system32\drivers
23:24:45.786 AVAST engine scan C:\Users\Number1
23:26:22.849 Disk 0 MBR has been saved successfully to "C:\Users\Number1\Desktop\MBR.dat"
23:26:22.849 The log file has been saved successfully to "C:\Users\Number1\Desktop\aswMBR.txt"

-------------------------------------------------------------------------------------------------------

ComboFix 13-05-01.03 - Number1 05/01/2013 23:28:13.1.8 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8153.7038 [GMT -7:00]
Running from: c:\users\Number1\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\MageNoiPPiico
c:\programdata\MageNoiPPiico\data\MageNoiPPiico.dat
c:\windows\RPSETUP.EXE.LOG
.
.
((((((((((((((((((((((((( Files Created from 2013-04-02 to 2013-05-02 )))))))))))))))))))))))))))))))
.
.
2013-05-02 06:31 . 2013-05-02 06:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-02 02:25 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-02 01:47 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBBD6F60-CC01-4A85-981D-0BFD825ED86E}\mpengine.dll
2013-05-01 02:48 . 2013-05-01 02:48 -------- d-----w- c:\users\Number1\AppData\Roaming\Malwarebytes
2013-05-01 02:47 . 2013-05-01 02:47 -------- d-----w- c:\programdata\Malwarebytes
2013-05-01 02:47 . 2013-05-02 02:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-25 20:48 . 2013-04-25 20:48 -------- d-----w- c:\users\Number1\.thumbnails
2013-04-25 20:31 . 2013-04-25 20:50 -------- d-----w- c:\users\Number1\.gimp-2.6
2013-04-25 20:29 . 2013-05-01 03:12 -------- d-----w- c:\users\Number1\AppData\Local\Conduit
2013-04-25 20:29 . 2013-04-25 20:35 -------- d-----w- c:\users\Number1\AppData\Roaming\Strongvault
2013-04-25 20:29 . 2013-04-25 20:29 -------- d-----w- c:\users\Number1\AppData\Local\CRE
2013-04-25 20:29 . 2013-05-02 01:42 -------- d-----w- c:\program files (x86)\SearchProtect
2013-04-25 20:28 . 2013-04-25 20:33 -------- d-----w- c:\users\Number1\AppData\Roaming\SearchProtect
2013-04-25 20:28 . 2013-04-25 20:35 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-04-25 20:28 . 2013-05-01 03:04 -------- d-----w- c:\users\Number1\AppData\Local\Lucky Savings
2013-04-25 20:28 . 2013-04-25 20:35 -------- d-----w- C:\AI_RecycleBin
2013-04-25 17:58 . 2013-05-02 01:42 -------- d-----w- c:\users\Number1\Dropbox
2013-04-23 20:18 . 2013-04-23 20:18 -------- d-----w- c:\programdata\CLSoft LTD
2013-04-23 20:18 . 2013-05-02 01:42 -------- d-----w- c:\programdata\InstallMate
2013-04-23 16:35 . 2013-04-23 16:35 -------- d-----w- c:\users\Number1\AppData\Local\Deployment
2013-04-23 16:35 . 2013-04-23 16:35 -------- d-----w- c:\users\Number1\AppData\Local\Apps
2013-04-11 20:58 . 2013-04-11 20:58 -------- d-----w- c:\users\Number1\AppData\Roaming\Nuance
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 01:44 . 2013-03-11 20:30 151552 ----a-w- c:\windows\KMSEmulator.exe
2013-03-22 10:00 . 2013-03-22 10:00 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-22 10:00 . 2013-03-22 10:00 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 10:00 . 2013-03-22 10:00 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-22 10:00 . 2013-03-22 10:00 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-03-22 10:00 . 2013-03-22 10:00 855552 ----a-w- c:\windows\system32\jscript.dll
2013-03-22 10:00 . 2013-03-22 10:00 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-22 10:00 . 2013-03-22 10:00 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-22 10:00 . 2013-03-22 10:00 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-22 10:00 . 2013-03-22 10:00 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 10:00 . 2013-03-22 10:00 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 10:00 . 2013-03-22 10:00 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-22 10:00 . 2013-03-22 10:00 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-03-22 10:00 . 2013-03-22 10:00 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-22 10:00 . 2013-03-22 10:00 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-22 10:00 . 2013-03-22 10:00 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-03-22 10:00 . 2013-03-22 10:00 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-03-22 10:00 . 2013-03-22 10:00 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-22 10:00 . 2013-03-22 10:00 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-03-22 10:00 . 2013-03-22 10:00 526848 ----a-w- c:\windows\system32\ieui.dll
2013-03-22 10:00 . 2013-03-22 10:00 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-22 10:00 . 2013-03-22 10:00 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-22 10:00 . 2013-03-22 10:00 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-03-22 10:00 . 2013-03-22 10:00 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-22 10:00 . 2013-03-22 10:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-22 10:00 . 2013-03-22 10:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-22 10:00 . 2013-03-22 10:00 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-22 10:00 . 2013-03-22 10:00 441856 ----a-w- c:\windows\system32\html.iec
2013-03-22 10:00 . 2013-03-22 10:00 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-03-22 10:00 . 2013-03-22 10:00 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-03-22 10:00 . 2013-03-22 10:00 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-22 10:00 . 2013-03-22 10:00 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-22 10:00 . 2013-03-22 10:00 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-03-22 10:00 . 2013-03-22 10:00 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-22 10:00 . 2013-03-22 10:00 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-22 10:00 . 2013-03-22 10:00 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-22 10:00 . 2013-03-22 10:00 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-22 10:00 . 2013-03-22 10:00 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-22 10:00 . 2013-03-22 10:00 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-03-22 10:00 . 2013-03-22 10:00 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-22 10:00 . 2013-03-22 10:00 235008 ----a-w- c:\windows\system32\url.dll
2013-03-22 10:00 . 2013-03-22 10:00 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-22 10:00 . 2013-03-22 10:00 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-22 10:00 . 2013-03-22 10:00 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-03-22 10:00 . 2013-03-22 10:00 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-22 10:00 . 2013-03-22 10:00 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-22 10:00 . 2013-03-22 10:00 19221504 ----a-w- c:\windows\system32\mshtml.dll
2013-03-22 10:00 . 2013-03-22 10:00 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-22 10:00 . 2013-03-22 10:00 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-03-22 10:00 . 2013-03-22 10:00 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-22 10:00 . 2013-03-22 10:00 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-22 10:00 . 2013-03-22 10:00 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-22 10:00 . 2013-03-22 10:00 15407616 ----a-w- c:\windows\system32\ieframe.dll
2013-03-22 10:00 . 2013-03-22 10:00 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-22 10:00 . 2013-03-22 10:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-22 10:00 . 2013-03-22 10:00 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-22 10:00 . 2013-03-22 10:00 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-22 10:00 . 2013-03-22 10:00 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-22 10:00 . 2013-03-22 10:00 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-22 10:00 . 2013-03-22 10:00 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-22 10:00 . 2013-03-22 10:00 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-22 10:00 . 2013-03-22 10:00 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-22 10:00 . 2013-03-22 10:00 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-03-22 10:00 . 2013-03-22 10:00 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-03-22 10:00 . 2013-03-22 10:00 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-22 10:00 . 2013-03-22 10:00 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-22 10:00 . 2013-03-22 10:00 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-22 10:00 . 2013-03-22 10:00 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-22 10:00 . 2013-03-22 10:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 10:00 . 2013-03-22 10:00 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-03-22 10:00 . 2013-03-22 10:00 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 10:00 . 2013-03-22 10:00 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-15 21:35 . 2013-02-21 06:12 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 21:35 . 2013-02-21 06:12 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 10:02 . 2013-02-26 21:20 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-26 20:51 . 2010-06-24 17:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-02-21 08:02 . 2013-02-21 08:02 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2013-02-21 08:02 . 2013-02-21 08:02 936448 ----a-w- c:\windows\system32\vmsal.exe
2013-02-21 08:02 . 2013-02-21 08:02 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2013-02-21 08:02 . 2013-02-21 08:02 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2013-02-21 08:02 . 2013-02-21 08:02 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2013-02-21 08:02 . 2013-02-21 08:02 4514816 ----a-w- c:\windows\system32\vpc.exe
2013-02-21 08:02 . 2013-02-21 08:02 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2013-02-21 08:02 . 2013-02-21 08:02 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2013-02-21 08:02 . 2013-02-21 08:02 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2013-02-21 08:02 . 2013-02-21 08:02 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2013-02-21 08:02 . 2013-02-21 08:02 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2013-02-21 08:02 . 2013-02-21 08:02 778752 ----a-w- c:\windows\system32\mssvp.dll
2013-02-21 08:02 . 2013-02-21 08:02 75264 ----a-w- c:\windows\system32\msscntrs.dll
2013-02-21 08:02 . 2013-02-21 08:02 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2013-02-21 08:02 . 2013-02-21 08:02 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2013-02-21 08:02 . 2013-02-21 08:02 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2013-02-21 08:02 . 2013-02-21 08:02 491520 ----a-w- c:\windows\system32\mssph.dll
2013-02-21 08:02 . 2013-02-21 08:02 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2013-02-21 08:02 . 2013-02-21 08:02 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2013-02-21 08:02 . 2013-02-21 08:02 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-02-21 08:02 . 2013-02-21 08:02 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-02-21 08:02 . 2013-02-21 08:02 288256 ----a-w- c:\windows\system32\mssphtb.dll
2013-02-21 08:02 . 2013-02-21 08:02 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2013-02-21 08:02 . 2013-02-21 08:02 2315776 ----a-w- c:\windows\system32\tquery.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Number1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Number1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Number1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 129272 ----a-w- c:\users\Number1\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-03-11 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-03-11 2778424]
"QuickBooksDB23"="c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe" [2012-12-23 679936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\users\Number1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Number1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 26043088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-12-22 6189944]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2013-3-11 1182536]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2013\QBW32.EXE [2013-3-11 1185096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi3"=wdmaud.drv
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2012-03-09 107648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-12-23 1248256]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-03-09 159360]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-03-28 77824]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-03-09 36480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-18 93712]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-09 340096]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-09 111232]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-03-09 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-03-09 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-03-09 281472]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-03-09 551552]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-26 1255736]
R4 QuickBooksDB23;QuickBooksDB23;c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe [2012-12-23 679936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-21 19264]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-03-09 30848]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-21 357184]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-21 789824]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-27 18:36 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-21 21:35]
.
2013-05-02 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-03-11 20:30]
.
2013-05-02 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-03-11 20:30]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27 18:35]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-27 18:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Number1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Number1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Number1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39 162552 ----a-w- c:\users\Number1\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-09 1021056]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-09 800896]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 112512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.roboform.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.2 8.8.8.8 8.8.4.4
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\615q579v.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - ExtSQL: 2013-03-11 13:15; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-01 23:32:27
ComboFix-quarantined-files.txt 2013-05-02 06:32
.
Pre-Run: 917,025,103,872 bytes free
Post-Run: 917,558,706,176 bytes free
.
- - End Of File - - E4F6F6104E3FC5C1E86E03CEF079D81E

-------------------------------------------------------------------------------------------------------

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 23:37:02
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Number1 - NUMBER1-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Number1\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhajdiepodlpiaghfiflddceiknahfih
File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Number1\AppData\Local\Conduit
Folder Deleted : C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhajdiepodlpiaghfiflddceiknahfih
Folder Deleted : C:\Users\Number1\AppData\Local\Lucky Savings
Folder Deleted : C:\Users\Number1\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Number1\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Number1\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Number1\AppData\Roaming\Mozilla\Firefox\Profiles\615q579v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Number1\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.20] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.23] : keyword = "search.conduit.com",
Deleted [l.27] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN87[...]
Deleted [l.28] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]

*************************

AdwCleaner[S1].txt - [1984 octets] - [01/05/2013 23:37:02]

########## EOF - C:\AdwCleaner[S1].txt - [2044 octets] ##########

-------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Number1 :: NUMBER1-PC [administrator]

Protection: Enabled

5/1/2013 11:46:04 PM
mbam-log-2013-05-01 (23-46-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214572
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4
RKinner

Posted 02 May 2013 - 08:59 AM

Malware Expert

Expert
24,625 posts

Can you continue from where you left off?

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot....

It shouldn't take too long and it will check to see if there are any errors which need to be addressed.