Possible Adware/Malware Virus. Need help!


Post by craig.deboard on Fri Jun 28, 2013 10:23 pm

Here is the log that I got when I ran the program you guys suggested. I'm really desperate to get my issue resolved as I start school in a few weeks and really need this fixed. Thanks so much in advance for helping me.



# AdwCleaner v2.303 - Logfile created 06/28/2013 at 15:09:51
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Craig - CRAIG-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Craig\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater
Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\spigot
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\searchplugins\MyStart Search.xml
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\Vuze Remote toolbar
Folder Deleted : C:\Program Files (x86)\Vuze_Remote
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Folder Deleted : C:\Users\Craig\AppData\Local\APN
Folder Deleted : C:\Users\Craig\AppData\Local\Babylon
Folder Deleted : C:\Users\Craig\AppData\Local\blekkotb
Folder Deleted : C:\Users\Craig\AppData\Local\Conduit
Folder Deleted : C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : C:\Users\Craig\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Craig\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Craig\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Craig\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Craig\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Craig\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Craig\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\Conduit
Folder Deleted : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\ConduitEngine
Folder Deleted : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\CT2504091
Folder Deleted : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Deleted : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\extensions\ffxtlbr@incredibar.com
Folder Deleted : C:\Users\Craig\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8584E584-A83A-472F-B8BF-3D4D92D35FE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8584E584-A83A-472F-B8BF-3D4D92D35FE6}
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8584E584-A83A-472F-B8BF-3D4D92D35FE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43375CB7-CE9B-46AC-8486-545315264156}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{835B5D84-7FB0-419E-A655-B345EC07C302}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE289E7F-AD70-4D92-8B4D-7F76E4FE55D9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\prefs.js

C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\user.js ... Deleted !

Deleted : user_pref("CT2504091..clientLogIsEnabled", false);
Deleted : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2504091.CTID", "CT2504091");
Deleted : user_pref("CT2504091.CurrentServerDate", "21-4-2011");
Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2504091.DialogsGetterLastCheckTime", "Thu Apr 21 2011 09:15:38 GMT-0700 (US Mountain St[...]
Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Thu Apr 21 2011 12:50:38 GMT-0700 (US Mountain Standar[...]
Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 10);
Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Thu Apr 21 2011 12:15:39 GMT-0700 (US Mountai[...]
Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Apr 21 2011 11:15:38 GMT-0700 (US Mountai[...]
Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Deleted : user_pref("CT2504091.FirstServerDate", "21-4-2011");
Deleted : user_pref("CT2504091.FirstTime", true);
Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2504091.HasUserGlobalKeys", true);
Deleted : user_pref("CT2504091.Initialize", true);
Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2504091.InstallationId", "StubInstaller");
Deleted : user_pref("CT2504091.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2504091.InstalledDate", "Thu Apr 21 2011 09:15:38 GMT-0700 (US Mountain Standard Time)"[...]
Deleted : user_pref("CT2504091.IsGrouping", false);
Deleted : user_pref("CT2504091.IsMulticommunity", false);
Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Thu Apr 21 2011 09:15:39 GMT-0700 (US Mountain Sta[...]
Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2504091.LastLogin_3.3.3.2", "Thu Apr 21 2011 09:15:38 GMT-0700 (US Mountain Standard Ti[...]
Deleted : user_pref("CT2504091.LatestVersion", "3.3.3.2");
Deleted : user_pref("CT2504091.Locale", "en-us");
Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Thu Apr 21 2011 09:15:38 GMT-0700 (US Mountain S[...]
Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2504091.ServiceMapLastCheckTime", "Thu Apr 21 2011 09:15:36 GMT-0700 (US Mountain Stand[...]
Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Thu Apr 21 2011 09:15:37 GMT-0700 (US Mountain Standar[...]
Deleted : user_pref("CT2504091.SettingsLastUpdate", "1301829146");
Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu Apr 21 2011 09:15:36 GMT-0700 (US Mountain[...]
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Deleted : user_pref("CT2504091.UserID", "UN24367661307686328");
Deleted : user_pref("CT2504091.alertChannelId", "897164");
Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Deleted : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Thu Apr 21 2011 09:15:41 GMT-0700 (US Mount[...]
Deleted : user_pref("CT2504091.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2504091.myStuffEnabled", true);
Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2504091.testingCtid", "");
Deleted : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Thu Apr 21 2011 09:15:38 GMT-0700 (US Mounta[...]
Deleted : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Thu Apr 21 2011 09:15:39 GMT-0700 (US Mounta[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2504091");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "vuze_remote");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2504091");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "vuze_remote");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2504091");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 13 2011 17:14:35 GMT-07[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Nov 13 2011 23:13:09 GMT-0500 (US Ea[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Mar 08 2012 02:09:19 GMT-0500 (US Easter[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "665704eb-1824-4d2d-a21a-33fb77ca2edc");
Deleted : user_pref("CommunityToolbar.globalUserId", "6f3f20ee-98a1-4768-b77f-03ff93487d30");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Nov 06 2011 13:19:56 GMT-0500 (US Eastern S[...]
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Mar 06 2012 03:01:05 GMT-0500 (US Eastern[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "04/21/2011 19");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Apr 21 2011 09:15:37 GMT-0700 (US Mountain Standard Ti[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Mar 08 2012 02:09:20 GMT-0500 (US Eastern [...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Mar 08 2012 02:09:20 GMT-0500 (US Eastern Standard[...]
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Mar 08 2012 02:09:20 GMT-0500 (US Eastern Stan[...]
Deleted : user_pref("ConduitEngine.UserID", "UN14936511424867982");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Mar 08 2012 02:09:20 GMT-0500 (US Ea[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Mar 08 2012 02:09:20 GMT-0500 (US E[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQHELGvHs&loc=FF_NT");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109930");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "b0a649e30000000000008ca98204e013");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "b0a649e30000000000008ca98204e013");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15412");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=109930&babsrc=NT_s[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:32:47");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10643");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "AE8B707A6E947400C115834B67E90592");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "b0a649e30000000000008ca98204e013");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15577");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1415:57:36");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "1");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQHELGvHs&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQHELGvHs");
Deleted : user_pref("extensions.incredibar.upn2n", "92543468381996642");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1415:57:36");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10643");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "b0a649e30000000000008ca98204e013");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15577");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQHELGvHs&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQHELGvHs");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543468381996642");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1415:57:36");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3898] : urls_to_restore_on_startup = [ "hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch", "hxxp:[...]

*************************

AdwCleaner[S1].txt - [30981 octets] - [28/06/2013 15:09:51]

########## EOF - C:\AdwCleaner[S1].txt - [31042 octets] ##########

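The log above records what AdwCleaner removed but not which entries mattered: the Browser Helper Object, URLSearchHooks, Run-key and Chrome/Firefox extension keys are the footholds that would have brought the toolbars back after a reboot, while most of the rest is vendor state. The following Python script is an added example, not AdwCleaner's or the thread's own code; it parses the log's section/entry layout and groups the removed entries by that persistence mechanism. The embedded sample log is constructed from lines quoted in the post, and the mechanism labels are the example's own classification.

```python
"""Triage an AdwCleaner v2 logfile by persistence mechanism.

Added example, not AdwCleaner's or this thread's code. It parses the log layout
shown in the post above and labels each removed registry entry or browser pref
with the foothold it gave the adware; the labels are this script's own.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: a few lines quoted from the log in the post above.
SAMPLE_LOG = r"""
# AdwCleaner v2.303 - Logfile created 06/28/2013 at 15:09:51
***** [Services] *****
Stopped & Deleted : Application Updater
***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Conduit
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Conduit
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browsers] *****
-\\ Mozilla Firefox v20.0.1 (en-US)
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQHELGvHs&loc=FF_NT");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.incredibar.id", "b0a649e30000000000008ca98204e013");
Deleted [l.3898] : urls_to_restore_on_startup = [ "hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch", "hxxp:[...]
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?P<action>Stopped & Deleted|Deleted on reboot|File Deleted|Folder Deleted"
    r"|Key Deleted|Value Deleted|Deleted)(?: \[l\.\d+\])? : (?P<target>.+)$"
)
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)"')

# Registry locations that give adware a foothold, matched as case-insensitive
# substrings of the path; first match wins, so the more specific ones come first.
REGISTRY_MECHANISMS = [
    ("browser helper objects", "IE BHO: DLL loaded into every IE process"),
    ("urlsearchhooks", "IE URL search hook: address-bar search hijack"),
    ("currentversion\\run", "autorun via Run key"),
    ("google\\chrome\\extensions", "Chrome external-extension install key"),
    ("mozilla\\firefox\\extensions", "Firefox sideloaded extension"),
    ("searchscopes", "IE search provider"),
    ("internet explorer\\toolbar", "IE toolbar"),
    ("\\classes\\", "COM/ProgID registration"),
]
# Settings the user sees directly; anything else is the add-on's private state.
USER_FACING_PREFS = ("browser.newtab.url", "browser.search.", "browser.startup.homepage")
USER_FACING_CHROME_KEYS = ("urls_to_restore_on_startup", "homepage")


def registry_mechanism(path):
    lowered = path.lower()
    for needle, label in REGISTRY_MECHANISMS:
        if needle in lowered:
            return label
    return "vendor data / uninstall key"


def browser_mechanism(target):
    """Classify a Firefox user_pref(...) line or a Chrome 'key = value' line."""
    m = PREF_RE.match(target)
    name = m.group("name") if m else target.split(" = ", 1)[0]
    if name.startswith(USER_FACING_PREFS) or name in USER_FACING_CHROME_KEYS:
        return "browser setting hijack (home page / new tab / search)"
    return "add-on private state"


def triage(log_text):
    """Parse an AdwCleaner log into {section: [entry, ...]} with mechanism labels."""
    report, section = defaultdict(list), "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # banner, blank and browser-version lines carry no entry
        target, mechanism = m.group("target"), None
        if section == "Registry":
            mechanism = registry_mechanism(target)
        elif section == "Internet Browsers":
            mechanism = browser_mechanism(target)
        report[section].append(
            {"action": m.group("action"), "target": target, "mechanism": mechanism})
    return dict(report)


def mechanism_counts(log_text):
    """Count the removed entries per persistence mechanism."""
    return dict(Counter(e["mechanism"] for entries in triage(log_text).values()
                        for e in entries if e["mechanism"]))
```

Run `mechanism_counts(open("AdwCleaner[S1].txt").read())` against a full log to get the same grouping for a real case.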

Re: Possible Adware/Malware Virus. Need help!

Post by Superdave on Sat Jun 29, 2013 6:41 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*******************************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

• Temporarily disable your Antivirus and any Antispyware real-time protection before performing a scan. Click [You must be registered and logged in to see this link.] to see a list of security programs that should be disabled and how to disable them.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Copy and paste the JRT.txt log into your next message.
*************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Captain
Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

Re: Possible Adware/Malware Virus. Need help!

Post by craig.deboard on Sun Jun 30, 2013 12:02 am

OK, I may have to copy this into a few replies since I ran all three programs you instructed me to, just to be safe. So here you go. The security check one (the final log you asked me to paste) does have me bothered because I know for a fact my version of Windows is legitimate due to me purchasing my machine brand new.




Malwarebytes Anti-Malware (Trial) 1.75.0.1300
[You must be registered and logged in to see this link.]

Database version: v2013.06.29.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Craig :: CRAIG-VAIO [administrator]

Protection: Enabled

6/29/2013 12:12:15 PM
mbam-log-2013-06-29 (12-12-15).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 558465
Time elapsed: 4 hour(s), 1 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Craig\Desktop\Artwork\Tools\Adobe\ADBE.CS5.MasterKeygen\ADBE.CS5.MasterKeygen.rar (Trojan.Agent.CK) -> Quarantined and deleted successfully.

(end)







Re: Possible Adware/Malware Virus. Need help!

Post by craig.deboard on Sun Jun 30, 2013 12:03 am

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Craig on Sat 06/29/2013 at 16:30:33.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-2449745153-3000992257-2090208652-1005\software\web assistant"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [Folder] C:\Users\Craig\AppData\Roaming\mozilla\firefox\profiles\0k0sxn7w.default\extensions\savingsslider@mybrowserbar.com
Emptied folder: C:\Users\Craig\AppData\Roaming\mozilla\firefox\profiles\0k0sxn7w.default\minidumps [6 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Craig\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/29/2013 at 16:56:42.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

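As an added example (not code from the thread, from JRT or from any poster), here is a Python script that parses a JRT log in the format Craig posted and pulls out the items a responder would confirm are really gone after the reboot: the BHO CLSID, the Chrome extension ID, the Firefox add-on ID and the plugin DLLs. The sample log is constructed from lines in the post above; the regular expressions are my reading of the format shown there.

```python
"""Summarise a Junkware Removal Tool (JRT) log like the one posted above.

Added example for this thread, not code from JRT or from any poster. The log
text below is constructed from lines in the thread; the regexes are my reading
of the format shown there ("~~~ Section" headers, then lines of the form
"Successfully deleted: [Kind] target"). The aim is to list the persistence
points a responder re-checks after reboot: BHO CLSIDs, browser extension IDs
and plugin DLLs.
"""
import re
from collections import defaultdict

# Constructed sample: a shortened JRT log in the format posted in the thread.
SAMPLE_JRT_LOG = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}
~~~ Files
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Craig\appdata\local\{00B70F51-4047-46F4-9F55-D10266954EE7}
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Craig\AppData\Roaming\mozilla\firefox\profiles\0k0sxn7w.default\extensions\savingsslider@mybrowserbar.com
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Craig\appdata\local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh
~~~ Event Viewer Logs were cleared
"""

SECTION_RE = re.compile(r"^~~~ (?P<name>.+?)\s*$")
ENTRY_RE = re.compile(
    r'^Successfully deleted: \[(?P<kind>[^\]]+)\] "?(?P<target>.+?)"?\s*$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Chrome extension IDs are 32 letters a-p (the a-p encoding of the key hash).
CHROME_ID_RE = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])")


def parse_jrt_log(text):
    """Map each "~~~ Section" to its list of (kind, target) removals.

    Sections with no removals are kept as empty lists so that "nothing
    found" is distinguishable from "section absent".
    """
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group("kind"), entry.group("target")))
    return dict(sections)


def extract_indicators(sections):
    """Collect the identifiers worth confirming gone after the reboot."""
    result = {
        "bho_clsids": set(),            # also check HKCR\CLSID\{...} is gone
        "chrome_extension_ids": set(),  # re-check chrome://extensions
        "firefox_addon_ids": set(),     # re-check the profile's extensions dir
        "dropped_files": [],            # plugin DLL/OCX files to confirm deleted
        "guid_named_empty_folders": 0,  # installer leftovers, low signal
    }
    for section, entries in sections.items():
        for kind, target in entries:
            if kind == "Registry Key" and "browser helper objects" in target.lower():
                result["bho_clsids"].update(g.upper() for g in GUID_RE.findall(target))
            if section == "Chrome":
                result["chrome_extension_ids"].update(CHROME_ID_RE.findall(target))
            if section == "FireFox" and kind == "Folder" and "@" in target:
                result["firefox_addon_ids"].add(target.rsplit("\\", 1)[-1])
            if kind == "File":
                result["dropped_files"].append(target)
            if kind == "Empty Folder" and GUID_RE.search(target):
                result["guid_named_empty_folders"] += 1
    return result


def summarize(text):
    """Parse a JRT log and return per-section counts plus the indicators."""
    sections = parse_jrt_log(text)
    return {"counts": {k: len(v) for k, v in sections.items()},
            "indicators": extract_indicators(sections)}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_JRT_LOG).items():
        print(key, value)
```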

Re: Possible Adware/Malware Virus. Need help!

Post by craig.deboard on Sun Jun 30, 2013 12:05 am

Here is the checkup.txt I got:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

As I said, I know my version of Windows is genuine due to me purchasing my machine brand new rather than used. My main problem seems to be when I try to run any of my Adobe programs at the same time as any videos or music player. This problem never started until a few months ago. I've had the computer for a few years now.


Re: Possible Adware/Malware Virus. Need help!

Post by Superdave on Sun Jun 30, 2013 1:52 am

The security check one (the final log you asked for me to paste) does have me bothered because i know for a fact my version of windows is legitimate due to me purchasing my machine brand new.
It's not to check your Windows OS. I have another program for that. I need to see what's running on your computer and what's not up to date.

Download [You must be registered and logged in to see this link.] to your desktop.

* Double click CKScanner.exe and click Search For Files
* After a very short time, when the cursor hourglass disappears, click Save List To File
* A message box will verify the file saved.
* There will now be a file called CKFiles.txt on your desktop.
* Copy and paste the contents of CKFiles.txt in your next reply.
***********************************************
Download ComboFix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Re: Possible Adware/Malware Virus. Need help!

Post by craig.deboard on Sun Jun 30, 2013 3:07 am

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs5.5\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\zh_cn\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\zh_cn\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs6\plug-ins\zh_cn\vstplugins\decrackler6.dll
c:\program files (x86)\adobe\adobe flash catalyst cs5.5\plugins\com.adobe.thermo.core_1.5.0.308731\com\adobe\thermo\undo\thermoundosystem$undoabledocumentchangecracker.class
c:\users\craig\desktop\artwork\tools\adobe\adbe.cs5.masterkeygen\keygen.txt
scanner sequence 3.ZZ.11.LLNACK
----- EOF -----


Re: Possible Adware/Malware Virus. Need help!

Post by craig.deboard on Sun Jun 30, 2013 3:08 am

ComboFix 13-06-28.02 - Craig 06/29/2013 19:44:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3758.1239 [GMT -7:00]
Running from: c:\users\Craig\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll
c:\programdata\Roaming
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-30 )))))))))))))))))))))))))))))))
.
.
2013-06-30 02:22 . 2013-06-30 02:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F0EF99A-0300-486C-9593-0F2B44979000}\offreg.dll
2013-06-30 02:12 . 2013-06-30 02:12 -------- d-----w- c:\users\Craig\AppData\Local\Avg2013
2013-06-29 23:30 . 2013-06-29 23:30 -------- d-----w- c:\windows\ERUNT
2013-06-29 23:29 . 2013-06-29 23:29 -------- d-----w- C:\JRT
2013-06-29 19:08 . 2013-06-29 19:08 -------- d-----w- c:\users\Craig\AppData\Roaming\Malwarebytes
2013-06-29 19:07 . 2013-06-29 19:07 -------- d-----w- c:\programdata\Malwarebytes
2013-06-29 19:07 . 2013-06-29 19:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-29 19:07 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-28 22:10 . 2013-06-28 22:11 110 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-22 18:57 . 2013-06-22 19:01 -------- d-----w- c:\users\Craig\AppData\Local\Sony Online Entertainment
2013-06-21 16:18 . 2013-06-21 16:18 -------- d-----w- c:\users\Craig\AppData\Roaming\Nico Mak Computing
2013-06-21 16:18 . 2013-02-13 18:07 19840 ----a-w- c:\windows\system32\roboot64.exe
2013-06-21 16:17 . 2013-06-21 16:17 -------- d-----w- c:\users\Craig\AppData\Local\Slick Savings
2013-06-21 16:17 . 2013-06-21 16:17 -------- d-----w- c:\users\Craig\AppData\Roaming\Slick Savings
2013-06-19 22:58 . 2013-06-19 22:58 -------- d-----w- c:\users\Craig\AppData\Local\SWTORPerf
2013-06-12 06:36 . 2013-06-12 06:36 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
2013-04-25 10:56 538944 ----a-w- c:\users\Craig\AppData\Roaming\Slick Savings\Coupons.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-28 1105408]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-01-17 1099576]
"AIM for Windows"="c:\users\Craig\AppData\Local\AOL\AIM\aim.exe" [2013-03-29 2937384]
"Spotify"="c:\users\Craig\AppData\Roaming\Spotify\Spotify.exe" [2013-06-28 4573184]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1207010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1207010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120317.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120321.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120321.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1207010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1207010.003\SYMNETS.SYS [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*Deregistered* - Avgldx64
*Deregistered* - Avgloga
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:36]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 21:12]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-17 21:12]
.
2013-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449745153-3000992257-2090208652-1005Core.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-09 23:44]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449745153-3000992257-2090208652-1005UA.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-09 23:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
2012-08-08 04:08 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-24 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-24 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-24 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - ExtSQL: 2013-06-21 09:17; [You must be registered and logged in to see this link.]; c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\0k0sxn7w.default\extensions\savingsslider@mybrowserbar.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Craig\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Wow6432Node-HKLM-Run- - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-WinZip Registry Optimizer_is1 - c:\program files (x86)\WinZip Registry Optimizer\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\7BF9E831E71B650D9FD9ADA9E13AF2CA]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\06\01\0f40?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-29 20:06:05
ComboFix-quarantined-files.txt 2013-06-30 03:06
.
Pre-Run: 60,491,087,872 bytes free
Post-Run: 60,207,652,864 bytes free
.
- - End Of File - - 0004B96DB3D5EE7E409A3396F748A161
D41D8CD98F00B204E9800998ECF8427E

craig.deboard
Novice
Posts : 8
Joined : 2013-06-28
OS : Windows 7

Re: Possible Adware/Malware Virus. Need help!

Post by Superdave on Sun Jun 30, 2013 7:16 pm


  • Download [You must be registered and logged in to see this link.] on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Superdave
Captain
Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

Re: Possible Adware/Malware Virus. Need help!

Post by craig.deboard on Sun Jun 30, 2013 8:38 pm

Here's my RogueKiller log. 6 items were "found" but I'm not sure if I'm supposed to delete them or not.

RogueKiller V8.6.1 [Jun 29 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : [You must be registered and logged in to see this link.]
Website : [You must be registered and logged in to see this link.]
Blog : [You must be registered and logged in to see this link.]

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Craig [Admin rights]
Mode : Scan -- Date : 06/30/2013 13:36:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AIM for Windows ("C:\Users\Craig\AppData\Local\AOL\AIM\aim.exe" [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2449745153-3000992257-2090208652-1005\[...]\Run : AIM for Windows ("C:\Users\Craig\AppData\Local\AOL\AIM\aim.exe" [7]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-55A0RT0 +++++
--- User ---
[MBR] 584c6eb637c3b64d1d8c0cef3d04a3dc
[BSP] 6b2028ca9a80b1b24360e86c900a0e62 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10668 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21850112 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22054912 | Size: 466170 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000BEVT-55A0RT0 +++++
--- User ---
[MBR] 5a03379aefb2a9d2762f32bfd71ced3a
[BSP] 37d992d7da7bde8ae9d31efc344e2ec3 : MBR Code unknown
Partition table:
0 - [XXXXXX] OS/2 (0x0a) [VISIBLE] Offset (sectors): 1919230059 | Size: 2092621 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 544829025 | Size: 266028 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2885681152 | Size: 25 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_06302013_133601.txt >>
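The six registry hits in the RogueKiller log above are heuristic findings, not confirmed malware, which is why craig asks whether to delete them. The script below is an added example written for this thread, not RogueKiller's own code and not from the original posts. It reproduces the idea behind the [RUN][SUSP PATH] rule, an autorun whose executable sits in a folder a standard user can write to, and decodes the DisableRegistryTools and NewStartPanel values the log reports. The sample Run entries are constructed (the first is the AIM entry from the log; the HKCU and HKUS lines in the log are the same value seen through two hive views, since HKCU is a link into the logged-on user's HKU\<SID> subtree). The folder list, the rule itself and the CLSID-to-icon names are my assumptions about how such a check works, not RogueKiller's published logic.

```python
"""Triage RogueKiller-style registry findings.

Added example for this thread, not RogueKiller's own code. It reproduces the
idea behind the [RUN][SUSP PATH] rule (an autorun whose executable lives in a
folder a standard user can write to) and decodes the [HJ POL] / [HJ DESK]
values reported in the log. Sample data is constructed; the folder list, the
rule and the CLSID names are assumptions.
"""
import re

# Folders a standard user can write to (assumed list, not RogueKiller's).
# Malware that never obtained admin rights has to live somewhere like this,
# so an autorun pointing here is worth a look even when the program
# (AIM in the log) is legitimate. Paths are compared with forward slashes.
USER_WRITABLE = (
    "/appdata/local/",
    "/appdata/locallow/",
    "/appdata/roaming/",
    "/temp/",
    "/downloads/",
    "/users/public/",
    "/programdata/",
)

# Standard shell CLSIDs controlled by the NewStartPanel key; a DWORD of 1 hides the icon.
DESKTOP_ICONS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files",
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
}


def image_path(command):
    """Return the executable part of a Run-value command line.

    Covers the two common shapes: a quoted path followed by arguments, and an
    unquoted path where the first whitespace ends the executable.
    """
    command = command.strip()
    quoted = re.match(r'"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    return command.split(None, 1)[0]


def is_user_writable(path):
    """True when the path lies under one of the USER_WRITABLE folders."""
    normalised = path.lower().replace("\\", "/")
    return any(marker in normalised for marker in USER_WRITABLE)


def triage_runs(entries):
    """entries: (key, value_name, command) tuples. Returns the suspicious ones."""
    flagged = []
    for key, name, command in entries:
        exe = image_path(command)
        if is_user_writable(exe):
            flagged.append((key, name, exe, "SUSP PATH: image in user-writable folder"))
    return flagged


def triage_policy(disable_registry_tools):
    """Decode the DisableRegistryTools policy value (None = value absent)."""
    if disable_registry_tools is None:
        return "absent"
    if disable_registry_tools == 0:
        return "present with value 0: regedit still allowed"
    return "regedit disabled: remove or set to 0"


def triage_desktop(newstartpanel):
    """newstartpanel: {CLSID: dword}. Returns the names of hidden desktop icons."""
    return [DESKTOP_ICONS.get(clsid.upper(), clsid)
            for clsid, value in newstartpanel.items() if value == 1]


# Constructed sample: the AIM entry from the log plus two invented entries,
# one in Program Files (benign) and one in AppData\Roaming (the shape adware takes).
SAMPLE_RUNS = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "AIM for Windows",
     r'"C:\Users\Craig\AppData\Local\AOL\AIM\aim.exe"'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Adobe Reader Speed Launcher",
     r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "updater",
     r"C:\Users\Craig\AppData\Roaming\svc\update.exe /silent"),
]

if __name__ == "__main__":
    for key, name, exe, reason in triage_runs(SAMPLE_RUNS):
        print(f"[RUN][{reason}] {key} : {name} -> {exe}")
    print("DisableRegistryTools:", triage_policy(0))
    print("Hidden desktop icons:", triage_desktop({
        "{59031a47-3f72-44a7-89c5-5595fe6b30ee}": 1,
        "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": 1,
    }))
```

Read against the log: AIM is flagged only because it installs per user under AppData\Local, the same place drop-and-run adware uses, so the path rule cannot tell the two apart on its own. DisableRegistryTools at 0 leaves regedit usable; presumably RogueKiller reports it because the policy value exists at all. The two NewStartPanel GUIDs at 1 simply hide the Computer and User's Files icons from the desktop, which is a common adware nuisance rather than a persistence mechanism.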

Re: Possible Adware/Malware Virus. Need help!

Post by Superdave on Sun Jun 30, 2013 10:05 pm

Please run RogueKiller again and delete those items. Did you get my pm to you?
How's your computer running now?


I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

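The MBR Check section of craig's RogueKiller log above is worth reading on its own. PhysicalDrive0 has a sane table: a recovery partition, the 100 MB active System Reserved partition and the Windows partition, each starting exactly where the previous one ends and all inside a 500 GB disk. PhysicalDrive1 reports an OS/2 entry that starts beyond the drive's last sector and is larger than the drive, two "empty" (0x00) entries with non-zero offsets, unknown boot code and an LL2 read error, so whatever was read there is not a valid partition table. That alone does not mean the device is infected; an unreadable or uninitialised device gives the same picture. The example below is added here and is not RogueKiller's code: it parses a raw 512-byte MBR, hashes the bootstrap code and applies the sanity rules that separate the two cases. Both sectors are constructed from the offsets and sizes in the log (log sizes are in MB, 2048 sectors each); the disk size of 976,773,168 sectors is my assumption for a 500 GB WD5000BEVT, and the bootstrap code is zero-filled, so the hash it prints is not the one in the log.

```python
"""Parse and sanity-check an MBR partition table.

Added example for this thread, not RogueKiller's code. The two sample sectors
are constructed from the offsets and sizes printed in the log (sizes there are
in MB, i.e. 2048 sectors of 512 bytes per MB). DISK_SECTORS is an assumption
for a 500 GB drive and the bootstrap code is zero-filled.
"""
import hashlib
import struct

SECTOR_BYTES = 512
TABLE_OFFSET = 0x1BE            # four 16-byte entries, then the 0x55AA signature
ENTRY_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, LBA count
DISK_SECTORS = 976_773_168      # assumption: 500 GB drive with 512-byte sectors
MB_SECTORS = 2048


def build_mbr(entries, boot_code=b""):
    """Construct a 512-byte sector from (active, type, lba_start, lba_count) tuples."""
    sector = bytearray(boot_code[:446].ljust(446, b"\x00"))
    for i in range(4):
        active, ptype, start, count = entries[i] if i < len(entries) else (False, 0, 0, 0)
        sector += struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\xfe\xff\xff",
                              ptype, b"\xfe\xff\xff", start, count)
    return bytes(sector + b"\x55\xaa")


def parse_mbr(sector):
    """Return boot-signature status, MD5 of the bootstrap code and the 4 entries."""
    if len(sector) != SECTOR_BYTES:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "start": start, "count": count})
    return {"signature_ok": sector[510:] == b"\x55\xaa",
            "bootstrap_md5": hashlib.md5(sector[:446]).hexdigest(),
            "entries": entries}


def sanity_check(table, disk_sectors=DISK_SECTORS):
    """List the reasons a parsed table cannot be a valid partition table for this disk."""
    problems = []
    if not table["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    if sum(e["active"] for e in table["entries"]) > 1:
        problems.append("more than one active partition")
    used = []
    for e in table["entries"]:
        i = e["index"]
        if e["type"] == 0:
            if e["start"] or e["count"]:
                problems.append(f"entry {i}: type 0x00 (empty) but non-zero start/size")
            continue
        if e["start"] == 0 or e["count"] == 0:
            problems.append(f"entry {i}: start or size is zero")
        elif e["start"] + e["count"] > disk_sectors:
            problems.append(f"entry {i}: ends past the last sector of the disk")
        used.append(e)
    used.sort(key=lambda e: e["start"])
    for a, b in zip(used, used[1:]):
        if a["start"] + a["count"] > b["start"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    return problems


# PhysicalDrive0 as printed in the log: recovery (0x27), active System Reserved, Windows.
DRIVE0 = build_mbr([(False, 0x27, 2048, 10668 * MB_SECTORS),
                    (True, 0x07, 21850112, 100 * MB_SECTORS),
                    (False, 0x07, 22054912, 466170 * MB_SECTORS)])

# PhysicalDrive1 as printed in the log: nothing here can be a real table.
DRIVE1 = build_mbr([(False, 0x0A, 1919230059, 2092621 * MB_SECTORS),
                    (False, 0x00, 544829025, 266028 * MB_SECTORS),
                    (False, 0x00, 2885681152, 25 * MB_SECTORS)])

if __name__ == "__main__":
    for name, sector in (("PhysicalDrive0", DRIVE0), ("PhysicalDrive1", DRIVE1)):
        table = parse_mbr(sector)
        print(name, "bootstrap md5", table["bootstrap_md5"])
        for e in table["entries"]:
            print(f"  {e['index']} {'ACTIVE' if e['active'] else '      '} "
                  f"type 0x{e['type']:02x} start {e['start']} count {e['count']}")
        print("  problems:", sanity_check(table) or "none")
```

On a live system the sector comes from reading the first 512 bytes of \\.\PhysicalDriveN as Administrator; the useful habit is to record the bootstrap hash on a known-clean day and diff it later, since a changed bootstrap with an unchanged partition table is the shape a bootkit leaves, whereas an impossible table like PhysicalDrive1's is a read or media problem first.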

Re: Possible Adware/Malware Virus. Need help!

Post by craig.deboard on Mon Jul 01, 2013 6:58 pm

I ran the ESET program but forgot to export to a file before closing out of it and uninstalling it. However, the program did state that no threats were found. I also deleted the items RogueKiller found. My computer seems to be working much better now. Thanks :)


Re: Possible Adware/Malware Virus. Need help!

Post by Superdave on Mon Jul 01, 2013 7:22 pm

Ok, let's do some cleanup and we'll be finished.

Download this program and run it [You must be registered and logged in to see this link.]. It will remove ComboFix for you.

********************************
Click Start > Computer > right-click the C drive and choose Properties > Enter.
Click Disk Cleanup from there.

Click OK on the Disk Cleanup screen.
Click Yes on the confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
**************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.] - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] to prevent spyware infection in real time. Guide: [You must be registered and logged in to see this link.]. Note: To ensure you have the latest Immunizations, always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
