Jump to content

Unable to Clean PC - Please Help

wkandravi

By wkandravi,
in Solved Malware Logs

 Share

Recommended Posts

wkandravi Newbie

wkandravi

Posted
Posted

Currently working on a HP Pavilion All-in-One with an AMD Athalon II with 4 GB RAM & Win 7 x64.

 

I have run Malwarebytes & SophosVirusRemovalTool and cleaned a number of viruses. Unfortunately, I still cannot get the main virus off this PC. I have not been able to run the MBAM complete scan as the RootKit Agent fails at program startup. I have attached the image of the MBAM error message and pasted the 3 log files from the scans. Any assistance would be greatly appreciated.

 

MALWAREBYTES LOG

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/03/30 15:27:05 -0400</date>
<log>mbam-log-2014-03-30 (15-04-01).xml</log>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.0.1000</version>
<rules-database>v2014.03.30.05</rules-database>
<swissarmy-database>v2014.03.27.01</swissarmy-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Wayne</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>327913</objects>
<time>1383</time>
<processes>0</processes>
<modules>0</modules>
<keys>252</keys>
<values>28</values>
<datas>0</datas>
<folders>18</folders>
<files>171</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<shuriken>enabled</shuriken>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>6d0064a53b40a690566ff50bf70a52ae</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{28C3737A-32D1-492D-B76B-8D75EBBFB887}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>6d0064a53b40a690566ff50bf70a52ae</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{8FAE973C-3FE3-44BF-81F0-ADB0D42CE851}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>6d0064a53b40a690566ff50bf70a52ae</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{28C3737A-32D1-492D-B76B-8D75EBBFB887}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>6d0064a53b40a690566ff50bf70a52ae</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8FAE973C-3FE3-44BF-81F0-ADB0D42CE851}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>6d0064a53b40a690566ff50bf70a52ae</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>6d0064a53b40a690566ff50bf70a52ae</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DictionaryBossService</path><vendor>PUP.Optional.AudioToAudioToolBar.A</vendor><action>success</action><hash>caa34abf96e5b28402b01f1656aaac54</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{042DA63B-0933-403D-9395-B49307691690}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{042DA63B-0933-403D-9395-B49307691690}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{CBEF8724-D080-4737-88DA-111EEC6651AA}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CBEF8724-D080-4737-88DA-111EEC6651AA}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Inbox.JSServer</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.JSServer</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{042DA63B-0933-403D-9395-B49307691690}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Inbox.IBX404</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.IBX404</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Inbox.Toolbar</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.Toolbar</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\INPROCSERVER32</path><vendor>PUP.Optional.Inbox</vendor><action>success</action><hash>d39afc0d58238caa398ca35d04fdae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3042df7a-e900-4389-9b94-923df0daa57e}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6eb534fb-2001-45c4-b860-bc904865a379}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6EB534FB-2001-45C4-B860-BC904865A379}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6EB534FB-2001-45C4-B860-BC904865A379}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6EB534FB-2001-45C4-B860-BC904865A379}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6EB534FB-2001-45C4-B860-BC904865A379}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6EB534FB-2001-45C4-B860-BC904865A379}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{1a033ae8-0d4d-4ec8-a4a9-47bbe0b6489b}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{264E97DD-7AD7-442B-87A8-F9EC4819E47B}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{476C9DB6-2846-4507-A4FC-B95B9D84637C}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{5A61E8B4-1D41-43FC-8237-AAAF8755317B}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{73A92446-8E2A-4B4D-8BFB-FA18F6B1C9A8}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C7D153B1-5602-41A4-A012-06165B4B0C53}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{264E97DD-7AD7-442B-87A8-F9EC4819E47B}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{476C9DB6-2846-4507-A4FC-B95B9D84637C}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5A61E8B4-1D41-43FC-8237-AAAF8755317B}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{73A92446-8E2A-4B4D-8BFB-FA18F6B1C9A8}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C7D153B1-5602-41A4-A012-06165B4B0C53}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1a033ae8-0d4d-4ec8-a4a9-47bbe0b6489b}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.SettingsPlugin.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.SettingsPlugin</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.SettingsPlugin</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.SettingsPlugin.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DictionaryBossbar Uninstall</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3042DF7A-E900-4389-9B94-923DF0DAA57E}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3042DF7A-E900-4389-9B94-923DF0DAA57E}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3042DF7A-E900-4389-9B94-923DF0DAA57E}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3042DF7A-E900-4389-9B94-923DF0DAA57E}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>234a27e2accf3afc6dbe50f04ab83cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{33119133-0854-469d-807A-171568457991}</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{13119113-0854-469d-807A-171568457991}</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.SkinLauncher.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.SkinLauncher</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.SkinLauncher</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CelebSauce.SkinLauncher</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CelebSauce.SkinLauncher.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CelebSauce.SkinLauncher</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CelebSauce.SkinLauncher.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.SkinLauncher.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{03119103-0854-469d-807A-171568457991}</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03119103-0854-469d-807A-171568457991}</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.SkinLauncherSettings.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.SkinLauncherSettings</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.SkinLauncherSettings</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CelebSauce.SkinLauncherSettings</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CelebSauce.SkinLauncherSettings.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CelebSauce.SkinLauncherSettings</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CelebSauce.SkinLauncherSettings.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.SkinLauncherSettings.1</path><vendor>PUP.Optional.FunWebProducts.A</vendor><action>success</action><hash>5914a366d6a5eb4b89182d115aa8ec14</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{58376892-60e7-4f63-aca0-0f686af554d6}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>155843c617648bab88a6271909f9e31d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{58376892-60E7-4F63-ACA0-0F686AF554D6}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>155843c617648bab88a6271909f9e31d</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{58376892-60E7-4F63-ACA0-0F686AF554D6}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>155843c617648bab88a6271909f9e31d</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{58376892-60E7-4F63-ACA0-0F686AF554D6}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>155843c617648bab88a6271909f9e31d</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{58376892-60E7-4F63-ACA0-0F686AF554D6}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>155843c617648bab88a6271909f9e31d</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{58376892-60E7-4F63-ACA0-0F686AF554D6}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>155843c617648bab88a6271909f9e31d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{022C9F90-2E96-47D6-A971-107650154563}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{022C9F90-2E96-47D6-A971-107650154563}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\AppGraffiti.AppGraffitiJS</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\AppGraffiti.AppGraffitiJS</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC99A798-FD3D-4AB4-969E-6071612524F9}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>5914b554106b181eee5e79c3c53d9f61</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CCB69577-088B-4004-9ED8-FF5BCC83A039}</path><vendor>PUP.Optional.RebateInformer.A</vendor><action>success</action><hash>98d50cfdc1ba40f6820b330b818123dd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1</path><vendor>PUP.Optional.AppGraffiti.A</vendor><action>success</action><hash>4e1f808982f980b6d8f580face35f10f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\INBOX TOOLBAR</path><vendor>PUP.Optional.InboxToolBar.A</vendor><action>success</action><hash>6c01ff0adaa1ba7c622571f60cf605fb</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32</path><vendor>Trojan.Agent</vendor><action>success</action><hash>4c217a8f48337abc37d855ffa360f40c</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Inbox Toolbar</path><vendor>PUP.Optional.InboxToolBar.A</vendor><action>success</action><hash>fc7165a4770496a0cca512716d9619e7</hash></key>
<key><path>HKU\S-1-5-21-3804815134-1290454183-1668720314-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>1459ef1a6f0cde5856237706010224dc</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{eb2049f6-9dfa-4e51-b2a1-fc5a6e596c80}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{9378167c-fac6-4dfb-bd4f-f7c195d2b1e4}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{19C920DF-88F9-44F8-A17E-A35A12D60525}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{1C27D391-1D58-4C02-878E-4E975B775B6F}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{19C920DF-88F9-44F8-A17E-A35A12D60525}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1C27D391-1D58-4C02-878E-4E975B775B6F}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9378167c-fac6-4dfb-bd4f-f7c195d2b1e4}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.HTMLPanel.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.HTMLPanel</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.HTMLPanel</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.HTMLPanel.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EB2049F6-9DFA-4E51-B2A1-FC5A6E596C80}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{488c2712-1482-42ad-bc4d-681e5832f0c2}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{d1479029-bacc-4c9a-8c15-d857a2974e27}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{8A44A538-73FC-4D86-83DB-68ACE71E5FE8}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{C567FB88-C02E-4042-8685-8563D0633BE1}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{E79601CE-6CB5-4A4C-A643-A9FEC2C136F5}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8A44A538-73FC-4D86-83DB-68ACE71E5FE8}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C567FB88-C02E-4042-8685-8563D0633BE1}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E79601CE-6CB5-4A4C-A643-A9FEC2C136F5}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{d1479029-bacc-4c9a-8c15-d857a2974e27}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{da08805b-ba32-426b-ad14-ecac8235a8aa}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{6c367b45-0824-419a-af7f-157665b56aba}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{08855E67-37D6-48CC-B59E-A010D658A7BB}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{08855E67-37D6-48CC-B59E-A010D658A7BB}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6c367b45-0824-419a-af7f-157665b56aba}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2c72f7a5-8160-4024-94d8-e0995d547bb0}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.DynamicBarButton.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.DynamicBarButton</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.DynamicBarButton</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.DynamicBarButton.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{032416f0-0007-481b-9df8-9bcd1bf357f0}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{696d3b4f-71ef-41cc-96ff-342317e644de}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{0270C2C5-40BD-4CFF-B0DF-79AD2E283AD3}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{ED49DF44-2DC8-4CFC-8510-DAF4DFCC5F40}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0270C2C5-40BD-4CFF-B0DF-79AD2E283AD3}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ED49DF44-2DC8-4CFC-8510-DAF4DFCC5F40}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{696d3b4f-71ef-41cc-96ff-342317e644de}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.FeedManager.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.FeedManager</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.FeedManager</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.FeedManager.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F9A402FD-82C8-4743-991E-BC77E62DA0E5}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.HTMLMenu.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.HTMLMenu</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.HTMLMenu</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.HTMLMenu.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F9A402FD-82C8-4743-991E-BC77E62DA0E5}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{23f28f6b-50a2-4327-9450-7d3d2f33daae}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{4de8b15e-e379-482a-81c5-cd99eb8cef40}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{6DDD8F3F-3774-484C-938C-4D9AB3A5F575}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{FE17CD12-2988-47B4-86E3-640288DE42CB}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6DDD8F3F-3774-484C-938C-4D9AB3A5F575}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FE17CD12-2988-47B4-86E3-640288DE42CB}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4de8b15e-e379-482a-81c5-cd99eb8cef40}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{b4ea8204-ee81-4f73-a240-ec4aeb8ad3de}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.MultipleButton.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.MultipleButton</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.MultipleButton</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.MultipleButton.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6d0c6f55-e3eb-4d6b-8f52-996b4da196d9}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{a525b28e-04ee-455f-8c17-3a0273ebea2c}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{5BD5AE73-FDA3-469B-9358-D4EDA7123370}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{8C0CFCBE-D7E4-4778-8BFD-3A8D8B5A9CCD}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{934894D3-9DF1-4063-BE0B-4246762A87D8}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5BD5AE73-FDA3-469B-9358-D4EDA7123370}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8C0CFCBE-D7E4-4778-8BFD-3A8D8B5A9CCD}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{934894D3-9DF1-4063-BE0B-4246762A87D8}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{a525b28e-04ee-455f-8c17-3a0273ebea2c}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.XMLSessionPlugin.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.XMLSessionPlugin</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.XMLSessionPlugin</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.XMLSessionPlugin.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6D0C6F55-E3EB-4D6B-8F52-996B4DA196D9}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{715321aa-a1fc-4058-8ffa-668d687b6e32}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.Radio.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.Radio</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.Radio</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.Radio.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{82481cff-738f-4410-bffb-77595d5d9faa}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{9d14caf3-88c2-4c9a-ae73-fe77c2a5697d}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{BE9F4D06-3A23-4F1A-902F-D9E113793576}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BE9F4D06-3A23-4F1A-902F-D9E113793576}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9d14caf3-88c2-4c9a-ae73-fe77c2a5697d}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.RadioSettings.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.RadioSettings</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.RadioSettings</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.RadioSettings.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{afed4702-7932-4426-aea4-9b248189c7a3}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.ScriptButton.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\DictionaryBoss.ScriptButton</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.ScriptButton</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\DictionaryBoss.ScriptButton.1</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{272143f8-3dbe-424c-949f-20acd11e5a6d}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{a436c6ec-9040-4322-ab62-bdb9e81e2f6c}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{7448C04F-A2EC-43F8-B42C-49001A49A199}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{806AADCB-C4D7-4545-954B-5E6C2952CE79}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9120FCF5-A797-46B8-BAFD-66E1678AA284}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9BECF6AB-82E3-4E58-9E73-78565FFE5C05}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7448C04F-A2EC-43F8-B42C-49001A49A199}</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>115cfe0be794bd799b1094c37989fa06</hash></key>
<ke

post-96269-0-10814900-1396235707_thumb.jpg

Link to comment
Share on other sites
  • Replies 57
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

wkandravi Newbie

wkandravi

Posted
  • Author
Posted (edited)

Here are the DDS & Attach reports

 

DDS.TXT

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Wayne at 11:42:40 on 2014-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.1876 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\aol\1269351362\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\svchost.exe
c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?ncid=customie9
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie9
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1269351362\ee\AOLSoftware.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{802F067A-1493-4B9E-9FDA-6A97335552B4} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{802F067A-1493-4B9E-9FDA-6A97335552B4}\44E4459443 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{89DE6A28-FEB1-4F69-B82E-DE5D92E2B544} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
x64-Run: [lxdnamon] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\bybst9sc.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-03-17 15:02; kaffxtbr@CelebSauce.com; C:\Program Files (x86)\CelebSauce\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-13 50976]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-13 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-13 203264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-12-2 218432]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-30 4971840]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-11-13 139616]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-13 239616]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-11-13 34872]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
S0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
S1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-2-23 3782672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-10-29 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2010-9-29 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-14 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-31 05:09:33 -------- d-----w- C:\Users\Wayne\AppData\Roaming\AVG2014
2014-03-31 05:08:06 -------- d--h--w- C:\$AVG
2014-03-31 05:08:06 -------- d-----w- C:\ProgramData\AVG2014
2014-03-31 05:07:28 -------- d-----w- C:\Program Files (x86)\AVG
2014-03-31 05:06:00 -------- d-----w- C:\Users\Wayne\AppData\Local\Avg2014
2014-03-31 03:51:16 20472 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2014-03-31 03:50:54 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-03-31 00:57:20 388096 ----a-r- C:\Users\Wayne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-31 00:57:20 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-03-30 21:34:11 -------- d-----w- C:\Users\Wayne\AppData\Local\VirtualStore
2014-03-30 19:52:19 -------- d-----w- C:\ProgramData\Sophos
2014-03-30 19:52:15 73728 ----a-r- C:\Users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52:15 73728 ----a-r- C:\Users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52:15 73728 ----a-r- C:\Users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-03-30 19:51:59 -------- d-----w- C:\Program Files (x86)\Sophos
2014-03-30 19:44:49 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-30 19:44:49 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-30 19:44:49 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-30 19:44:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 18:34:00 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-30 18:33:48 -------- d-----w- C:\Users\Wayne\AppData\Local\CrashDumps
2014-03-30 18:33:09 -------- d-----w- C:\Users\Wayne\AppData\Local\Macromedia
2014-03-30 18:32:00 -------- d-----w- C:\Users\Wayne\AppData\Local\Mozilla
2014-03-30 18:26:33 -------- d-----w- C:\Users\Wayne\AppData\Local\Programs
2014-03-30 18:20:47 -------- d-----w- C:\Users\Wayne\AppData\Local\Avg2013
2014-03-30 18:20:32 -------- d-----w- C:\Users\Wayne\AppData\Roaming\TuneUp Software
2014-03-30 18:19:19 -------- d-----w- C:\Users\Wayne\AppData\Local\MFAData
2014-03-30 18:18:32 -------- d-----w- C:\Users\Wayne\AppData\Roaming\Malwarebytes
2014-03-30 18:15:14 -------- d-----w- C:\Users\Wayne\AppData\Local\ATI
2014-03-30 18:14:14 -------- d-----w- C:\Users\Wayne\AppData\Local\AOL
2014-03-30 18:13:51 -------- d-----w- C:\Users\Wayne\AppData\Local\Hewlett-Packard
.
==================== Find3M ====================
.
2014-03-12 08:43:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 08:43:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-03 05:22:25 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-01-23 16:49:59 92488 ----a-w- C:\Windows\System32\LMIinit.dll.000.bak
.
============= FINISH: 11:43:07.56 ===============

attach.txt

Edited by wkandravi
Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

I'm sorry Tomk_,

 

I was editing my previous post with the DDS & Attach as I mistakenly posted the text for attach.txt instead of attaching the file. Everything should be there and accessible now. Please let me know if it is not. Thank you

Link to comment
Share on other sites
Tomk_ Contributor

Tomk_

Posted
Posted

Looks like there may be multiple things going on in there. You have a variety of of junk PUP's (possibly unwanted programs) working and perhaps something more sinister as your AVG doesn't seem to be doing anything but throwing errors.

 

Let's see if we can nuke several things in one fell swoop:

 

Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

Tomk_,

 

Prior to receiving your post for combofix I ran Kapersky TDSSKiller. I have attached the log for you to review. Here are the results for the ComboFix

 

ComboFix 14-03-24.01 - Wayne 03/31/2014 17:13:59.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2631 [GMT -4:00]
Running from: c:\users\Wayne\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
c:\programdata\SPL4F08.tmp
c:\programdata\SPL6412.tmp
c:\programdata\SPL6A72.tmp
c:\programdata\SPL7A4D.tmp
c:\programdata\SPL8690.tmp
c:\programdata\SPLA41D.tmp
c:\programdata\SPLBC11.tmp
c:\programdata\SPLC002.tmp
c:\programdata\SPLCC7A.tmp
c:\users\Wayne\Documents\mbam-log-2014-03-30 (15-04-01).log
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\SysWow64\u
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-31 )))))))))))))))))))))))))))))))
.
.
2014-03-31 21:23 . 2014-03-31 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-31 18:17 . 2014-03-31 18:17 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-31 03:51 . 2013-10-17 15:32 20472 ----a-w- c:\windows\system32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2014-03-31 03:50 . 2014-03-31 03:50 -------- d-----w- c:\program files (x86)\TeamViewer
2014-03-31 00:57 . 2014-03-31 00:57 388096 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-31 00:57 . 2014-03-31 00:57 -------- d-----w- c:\program files (x86)\Trend Micro
2014-03-30 21:34 . 2014-03-31 00:57 -------- d-----w- c:\users\Wayne\AppData\Local\VirtualStore
2014-03-30 19:52 . 2014-03-30 19:52 -------- d-----w- c:\programdata\Sophos
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-03-30 19:51 . 2014-03-30 19:51 -------- d-----w- c:\program files (x86)\Sophos
2014-03-30 19:44 . 2014-03-05 13:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-30 19:44 . 2014-03-05 13:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-30 19:44 . 2014-03-05 13:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-30 19:44 . 2014-03-30 19:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-03-30 18:34 . 2014-03-31 03:45 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 18:33 . 2014-03-30 18:33 -------- d-----w- c:\users\Wayne\AppData\Local\CrashDumps
2014-03-30 18:33 . 2014-03-30 18:33 -------- d-----w- c:\users\Wayne\AppData\Local\Macromedia
2014-03-30 18:32 . 2014-03-30 18:32 -------- d-----w- c:\users\Wayne\AppData\Local\Mozilla
2014-03-30 18:26 . 2014-03-30 18:26 -------- d-----w- c:\users\Wayne\AppData\Local\Programs
2014-03-30 18:20 . 2014-03-30 18:21 -------- d-----w- c:\users\Wayne\AppData\Local\Avg2013
2014-03-30 18:20 . 2014-03-30 18:20 -------- d-----w- c:\users\Wayne\AppData\Roaming\TuneUp Software
2014-03-30 18:19 . 2014-03-30 18:19 -------- d-----w- c:\users\Wayne\AppData\Local\MFAData
2014-03-30 18:18 . 2014-03-30 18:18 -------- d-----w- c:\users\Wayne\AppData\Roaming\Malwarebytes
2014-03-30 18:15 . 2014-03-30 18:15 -------- d-----w- c:\users\Wayne\AppData\Roaming\ATI
2014-03-30 18:15 . 2014-03-30 18:15 -------- d-----w- c:\users\Wayne\AppData\Local\ATI
2014-03-30 18:14 . 2014-03-30 19:45 -------- d-----w- c:\users\Wayne\AppData\Roaming\Hewlett-Packard
2014-03-30 18:14 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Roaming\Apple Computer
2014-03-30 18:14 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Local\AOL
2014-03-30 18:13 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Local\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 08:43 . 2012-11-12 23:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 08:43 . 2011-06-03 21:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-03 05:22 . 2013-04-13 15:56 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-01-23 16:49 . 2012-03-09 16:13 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2010-11-20 . 6460232D6B79120F67AFA1361EBF1890 . 513536 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HostManager"="c:\program files (x86)\Common Files\AOL\1269351362\ee\AOLSoftware.exe" [2010-03-08 41800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdnserv.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGTP
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 08:43]
.
2014-03-31 c:\windows\Tasks\HPCeeScheduleForMelanie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2010-02-04 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-12 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=customie9
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\bybst9sc.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - ExtSQL: 2014-03-17 15:02; kaffxtbr@CelebSauce.com; c:\program files (x86)\CelebSauce\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-68426450.sys
SafeBoot-87450452.sys
HKLM-Run-lxdnmon.exe - c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-31 17:26:05
ComboFix-quarantined-files.txt 2014-03-31 21:26
.
Pre-Run: 240,113,963,008 bytes free
Post-Run: 239,733,112,832 bytes free
.
- - End Of File - - E606DEF4F7E44B0C735D1A406A6DF0EF

TDSSKiller.3.0.0.26_31.03.2014_14.04.42_log.zip

Link to comment
Share on other sites
Tomk_ Contributor

Tomk_

Posted
Posted (edited)

Typically we ask that you don't run programs without our direction... but I was going to have you run TDSSKiller anyway. :)

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    FCopy::
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll | c:\windows\system32\rpcss.dll 
Firefox::
FF - ProfilePath - c:\users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\bybst9sc.default\
FF - ExtSQL: 2014-03-17 15:02; kaffxtbr@CelebSauce.com; c:\program files (x86)\CelebSauce\bar\1.bin
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Edited by Tomk_
Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

ComboFix 14-03-24.01 - Wayne 03/31/2014 20:44:33.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.1858 [GMT -4:00]
Running from: c:\users\Wayne\Downloads\ComboFix.exe
Command switches used :: c:\users\Wayne\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --> c:\windows\system32\rpcss.dll
.
((((((((((((((((((((((((( Files Created from 2014-03-01 to 2014-04-01 )))))))))))))))))))))))))))))))
.
.
2014-04-01 00:51 . 2014-04-01 00:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-31 18:17 . 2014-03-31 18:17 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-31 03:51 . 2013-10-17 15:32 20472 ----a-w- c:\windows\system32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2014-03-31 03:50 . 2014-03-31 03:50 -------- d-----w- c:\program files (x86)\TeamViewer
2014-03-31 00:57 . 2014-03-31 00:57 388096 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-31 00:57 . 2014-03-31 00:57 -------- d-----w- c:\program files (x86)\Trend Micro
2014-03-30 21:34 . 2014-03-31 00:57 -------- d-----w- c:\users\Wayne\AppData\Local\VirtualStore
2014-03-30 19:52 . 2014-03-30 19:52 -------- d-----w- c:\programdata\Sophos
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-03-30 19:51 . 2014-03-30 19:51 -------- d-----w- c:\program files (x86)\Sophos
2014-03-30 19:44 . 2014-03-05 13:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-30 19:44 . 2014-03-05 13:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-30 19:44 . 2014-03-05 13:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-30 19:44 . 2014-03-30 19:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-03-30 18:34 . 2014-03-31 03:45 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 18:33 . 2014-03-30 18:33 -------- d-----w- c:\users\Wayne\AppData\Local\CrashDumps
2014-03-30 18:33 . 2014-03-30 18:33 -------- d-----w- c:\users\Wayne\AppData\Local\Macromedia
2014-03-30 18:32 . 2014-03-31 23:57 -------- d-----w- c:\users\Wayne\AppData\Local\Mozilla
2014-03-30 18:26 . 2014-03-30 18:26 -------- d-----w- c:\users\Wayne\AppData\Local\Programs
2014-03-30 18:20 . 2014-03-30 18:21 -------- d-----w- c:\users\Wayne\AppData\Local\Avg2013
2014-03-30 18:20 . 2014-03-30 18:20 -------- d-----w- c:\users\Wayne\AppData\Roaming\TuneUp Software
2014-03-30 18:19 . 2014-03-30 18:19 -------- d-----w- c:\users\Wayne\AppData\Local\MFAData
2014-03-30 18:18 . 2014-03-30 18:18 -------- d-----w- c:\users\Wayne\AppData\Roaming\Malwarebytes
2014-03-30 18:15 . 2014-03-30 18:15 -------- d-----w- c:\users\Wayne\AppData\Roaming\ATI
2014-03-30 18:15 . 2014-03-30 18:15 -------- d-----w- c:\users\Wayne\AppData\Local\ATI
2014-03-30 18:14 . 2014-03-30 19:45 -------- d-----w- c:\users\Wayne\AppData\Roaming\Hewlett-Packard
2014-03-30 18:14 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Roaming\Apple Computer
2014-03-30 18:14 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Local\AOL
2014-03-30 18:13 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Local\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 08:43 . 2012-11-12 23:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 08:43 . 2011-06-03 21:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-03 05:22 . 2013-04-13 15:56 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-01-23 16:49 . 2012-03-09 16:13 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HostManager"="c:\program files (x86)\Common Files\AOL\1269351362\ee\AOLSoftware.exe" [2010-03-08 41800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdnserv.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGTP
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 08:43]
.
2014-03-31 c:\windows\Tasks\HPCeeScheduleForMelanie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [bU]
"lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2010-02-04 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-12 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?ncid=customie9
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\bybst9sc.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - ExtSQL: 2014-03-17 15:02; kaffxtbr@CelebSauce.com; c:\program files (x86)\CelebSauce\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-31 20:54:02
ComboFix-quarantined-files.txt 2014-04-01 00:54
ComboFix2.txt 2014-03-31 21:26
.
Pre-Run: 239,519,117,312 bytes free
Post-Run: 239,269,822,464 bytes free
.
- - End Of File - - 97C3F18C1240A4972D288ACB457AA39F

Link to comment
Share on other sites
Tomk_ Contributor

Tomk_

Posted
Posted

Hm... it only partially worked... but it took care of the important issue.

Let's hit it with the "shot gun" approach. Basically each of these programs do similiar jobs. They clean out garbage... but each works off of it's own target list so they tend to cover items the other one missed.

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log



In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Wayne on Mon 03/31/2014 at 21:56:19.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\appgraffiti
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\inbox.appserver
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612ad33d-9824-4e87-8396-92374e91c4bb}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2559647
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C81AB027-1C7A-4FF6-BFCC-3FCEEF9011DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{98d8c683-126b-4a29-816d-853af6e31c3f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt"
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Wayne\appdata\locallow\appgraffiti"
Successfully deleted: [Folder] "C:\Users\Wayne\appdata\locallow\dictionaryboss"
Successfully deleted: [Folder] "C:\Program Files (x86)\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\celebsauce"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\inbox toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\viewpoint"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo layers runtime"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\appgraffiti"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inbox toolbar"



~~~ FireFox

Emptied folder: C:\Users\Wayne\AppData\Roaming\mozilla\firefox\profiles\bybst9sc.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/31/2014 at 22:07:24.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

# AdwCleaner v3.022 - Report created 31/03/2014 at 22:19:41
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Wayne - MELANIE-PC
# Running from : C:\Users\Wayne\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Melanie\AppData\Local\Conduit
Folder Deleted : C:\Users\Melanie\AppData\Local\iac
Folder Deleted : C:\Users\Melanie\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\Melanie\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Melanie\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Melanie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Melanie\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Melanie\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Melanie\AppData\LocalLow\TelevisionFanatic
Folder Deleted : C:\Users\Melanie\AppData\Roaming\AppGraffiti
Folder Deleted : C:\Users\Melanie\AppData\Roaming\AVG Secure Search
Folder Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\Inbox Toolbar
Folder Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\Extensions\64ffxtbr@TelevisionFanatic.com
Folder Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\Extensions\AppGraffiti@AppGraffiti.com
Folder Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\Extensions\inboxcomtoolbar@inbox.com
File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\.autoreg
File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\TelevisionFanatic
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16450


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Inbox Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.inbox.com/homepage.aspx?tbid=80357&iwk=0&lng=en");
Line Deleted : user_pref("extensions.enabledAddons", "plugin%40yontoo.com:1.20.02,AppGraffiti%40AppGraffiti.com:1.0.1.3,inboxcomtoolbar%40inbox.com:1.2.0.48,64ffxtbr%40TelevisionFanatic.com:2.1.0.41972,kaffxtbr%40Ce[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=780bb030&p2=^XP^xpi000^S02112^");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2014031920");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "^XP^xpi000^S02112^");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "undefined");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "19030");
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=780bb030&ptnrS=Z6xpi000YY");
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.installation.installDate", "2014031920");
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.installation.partnerId", "Z6xpi000YY");
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.installation.toolbarId", "undefined");
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._kaMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=780bb030&ptnrS=XQxpi000YY");
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.installation.installDate", "2014031920");
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.installation.partnerId", "XQxpi000YY");
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.installation.toolbarId", "undefined");
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "dictionaryboss@mindspark.com");
Line Deleted : user_pref("extentions.y2layers.installId", "69498CC2-5272-EA63-1D7A-781E2EAD67E8");
Line Deleted : user_pref("extentions.y2layers.installId_backup", "69498CC2-5272-EA63-1D7A-781E2EAD67E8");
Line Deleted : user_pref("ibxcomtb.defs", "<buttons>\n<button id=\"calculator_calculator\" position=\"3150\" default=\"3\" type=\"simple\" action=\"calc.exe\" acttype=\"exec\" status_disabled=\"0\" ver=\"1.0.0.1\">\[...]
Line Deleted : user_pref("ibxcomtb.ibxHP", "hxxp://www.inbox.com/homepage.aspx?tbid=80357&iwk=0&lng=en");
Line Deleted : user_pref("keyword.URL", "hxxp://www2.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80357&iwk=0&language=en&qkw=");

[ File : C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\bybst9sc.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [14699 octets] - [31/03/2014 22:17:48]
AdwCleaner[s0].txt - [14735 octets] - [31/03/2014 22:19:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14796 octets] ##########

 

 

 

 

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/1/2014
Scan Time: 5:34:07 AM
Logfile: mbam-log-2014-03-31 (22-23-56).txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.01.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Wayne

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 467160
Time Elapsed: 7 hr, 10 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Patched, C:\Qoobox\Quarantine\C\Windows\System32\rpcss.dll.vir, Quarantined, [51afc63a51af0af638c10123ec1517e9],
Rootkit.Necurs.GO, C:\TDSSKiller_Quarantine\31.03.2014_14.04.43\necurs0000\svc0000\tsk0000.dta, Quarantined, [768a22de6799b24e4ebc67f54db4916f],

Physical Sectors: 0
(No malicious items detected)


(end)

Link to comment
Share on other sites
Tomk_ Contributor

Tomk_

Posted
Posted

Great... the multitude of entries found with JRT and AdwCleaner are from nearly a dozen different programs that got installed along with something that you really wanted to do. They, at minimum, leach resources and some of them are known to cause redirects, stalling, and a variety of other issues. It is my best guess that one of them "brought a friend" and you got infected with the Necurs rootkit. Necurs disables your onboard security and then opens a backdoor into your system. Once the door is open, it is virtually impossible to tell if any information was gleaned for nefarious purposes. Therefore it is prudent that I issue a warning:

 

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps


This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response, I'll now continue with instructions for cleaning.

I suspect you've noticed a significant improvement with you system by now. Let's get an online scan (that will probably take hours).

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: EOLS1.gif

     
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:


    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif [*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection. [*]When completed the Online Scan will begin automatically. [*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall. [*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first! [*]Now click on: EOLS4.gif [*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. [*]Copy and paste that log as a reply to this topic.



Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Also, please update me as to how things seem to be running.

Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

Tomk_,

 

I just wanted to update and let you know that the ESET scan is still running. It's been running about 3 hrs now and is about 50% complete. So far it found 2 items, but they only appear to be PUPs. I will post the log upon completion. Thanks

Link to comment
Share on other sites
Tomk_ Contributor

Tomk_

Posted
Posted

There is a good chance that what it finds will already be in quarantine... but we'll see what we see when it finishes.

 

Don't forget to give me an update on how things seem to be running... after it finishes.

Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

C:\AdwCleaner\Quarantine\C\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\Extensions\plugin@yontoo.com.xpi.vir Win32/Adware.Yontoo application
C:\AdwCleaner\Quarantine\C\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\Extensions\inboxcomtoolbar@inbox.com\chrome\ibxcomtb.jar.vir Win32/Toolbar.Inbox.F potentially unwanted application

 

Can these be deleted instead of quarantined?

 

I will run a few tasks and report back on the performance. Thanks

Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Melanie at 18:47:07 on 2014-04-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.627 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\x64\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\aol\1269351362\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by AOL
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie9
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = 192.168.*.*;*.local
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
uRun: [AZFworks] regsvr32.exe C:\Users\Melanie\AppData\Local\AZFworks\ASMct217I.dll
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1269351362\ee\AOLSoftware.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Search - http://tbedits.dictionaryboss.com/one-toolbaredits/menusearch.jhtml?s=100000414&p2=^XQ^xdm002^YY^us&si=CPuCts3XoLUCFUQw4AodDjEATg&a=A21FC1A8-3F94-40B5-AA6F-A9F0438C8732&n=2013030813&cv=4
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{802F067A-1493-4B9E-9FDA-6A97335552B4} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{802F067A-1493-4B9E-9FDA-6A97335552B4}\44E4459443 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{89DE6A28-FEB1-4F69-B82E-DE5D92E2B544} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
x64-Run: [lxdnamon] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2012-09-08 13:45; kaffxtbr@CelebSauce.com; C:\Program Files (x86)\CelebSauce\bar\1.bin
FF - ExtSQL: !HIDDEN! 2013-02-05 21:57; v4ffxtbr@DictionaryBoss.com; C:\Program Files (x86)\DictionaryBoss\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-4-13 50976]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-10-29 48488]
.
=============== Created Last 30 ================
.
2014-04-01 16:19:30 -------- d-----w- C:\Program Files (x86)\ESET
2014-04-01 02:15:25 -------- d-----w- C:\AdwCleaner
2014-04-01 01:56:16 -------- d-----w- C:\Windows\ERUNT
2014-04-01 00:54:08 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-31 20:09:47 98816 ----a-w- C:\Windows\sed.exe
2014-03-31 20:09:47 256000 ----a-w- C:\Windows\PEV.exe
2014-03-31 20:09:47 208896 ----a-w- C:\Windows\MBR.exe
2014-03-31 18:17:29 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-31 03:51:16 20472 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2014-03-31 03:50:54 -------- d-----w- C:\Program Files (x86)\TeamViewer
2014-03-31 00:57:20 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-03-30 19:52:19 -------- d-----w- C:\ProgramData\Sophos
2014-03-30 19:51:59 -------- d-----w- C:\Program Files (x86)\Sophos
2014-03-30 19:44:49 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-30 19:44:49 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-30 19:44:49 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-30 19:44:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 18:34:00 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
.
==================== Find3M ====================
.
2014-03-12 08:43:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 08:43:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-03 05:22:25 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-01-23 16:49:59 92488 ----a-w- C:\Windows\System32\LMIinit.dll.000.bak
.
============= FINISH: 18:52:33.36 ===============

Link to comment
Share on other sites
Tomk_ Contributor

Tomk_

Posted
Posted

No attach.txt?

 

That .dll file that was hanging should be part of Autodesk... but your computer says it is by AZF works. I can't seem to find anything about a company of that name. Does it mean anything to you?

 

You've got a couple of infected Firefox tool bars on there. One is called CelebSauce and the other is DictionaryBoss. They are "hiding" in hidden files. Let's see if we can rip them out.

 

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    DDS::
FF - ExtSQL: !HIDDEN! 2012-09-08 13:45; kaffxtbr@CelebSauce.com; C:\Program Files (x86)\CelebSauce\bar\1.bin
FF - ExtSQL: !HIDDEN! 2013-02-05 21:57; v4ffxtbr@DictionaryBoss.com; C:\Program Files (x86)\DictionaryBoss\bar\1.bin 
Folder::
C:\Program Files (x86)\CelebSauce
C:\Program Files (x86)\DictionaryBoss

Firefox::
FF - ExtSQL:  2012-09-08 13:45; kaffxtbr@CelebSauce.com; C:\Program Files (x86)\CelebSauce\bar\1.bin
FF - ExtSQL:  2013-02-05 21:57; v4ffxtbr@DictionaryBoss.com; C:\Program Files (x86)\DictionaryBoss\bar\1.bin

Driver::
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    CFScriptB-4.gif

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

ComboFix 14-03-24.01 - Melanie 04/01/2014 19:57:15.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2294 [GMT -4:00]
Running from: c:\users\Wayne\Downloads\ComboFix.exe
Command switches used :: c:\users\Wayne\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-02 to 2014-04-02 )))))))))))))))))))))))))))))))
.
.
2014-04-02 00:07 . 2014-04-02 00:07 -------- d-----w- c:\users\Wayne\AppData\Local\temp
2014-04-02 00:07 . 2014-04-02 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-01 16:19 . 2014-04-01 16:19 -------- d-----w- c:\program files (x86)\ESET
2014-04-01 15:54 . 2014-04-01 15:54 -------- d-----w- c:\users\Wayne\AppData\Local\Diagnostics
2014-04-01 02:15 . 2014-04-01 02:19 -------- d-----w- C:\AdwCleaner
2014-04-01 01:56 . 2014-04-01 01:56 -------- d-----w- c:\windows\ERUNT
2014-03-31 18:17 . 2014-03-31 18:17 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-31 03:51 . 2013-10-17 15:32 20472 ----a-w- c:\windows\system32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2014-03-31 03:50 . 2014-03-31 03:50 -------- d-----w- c:\program files (x86)\TeamViewer
2014-03-31 00:57 . 2014-03-31 00:57 388096 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-31 00:57 . 2014-03-31 00:57 -------- d-----w- c:\program files (x86)\Trend Micro
2014-03-30 21:34 . 2014-03-31 00:57 -------- d-----w- c:\users\Wayne\AppData\Local\VirtualStore
2014-03-30 19:52 . 2014-03-30 19:52 -------- d-----w- c:\programdata\Sophos
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-03-30 19:51 . 2014-03-30 19:51 -------- d-----w- c:\program files (x86)\Sophos
2014-03-30 19:44 . 2014-03-05 13:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-30 19:44 . 2014-03-05 13:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-30 19:44 . 2014-03-05 13:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-30 19:44 . 2014-03-30 19:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-03-30 18:34 . 2014-04-01 22:12 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 18:33 . 2014-03-30 18:33 -------- d-----w- c:\users\Wayne\AppData\Local\CrashDumps
2014-03-30 18:33 . 2014-03-30 18:33 -------- d-----w- c:\users\Wayne\AppData\Local\Macromedia
2014-03-30 18:32 . 2014-03-31 23:57 -------- d-----w- c:\users\Wayne\AppData\Local\Mozilla
2014-03-30 18:26 . 2014-03-30 18:26 -------- d-----w- c:\users\Wayne\AppData\Local\Programs
2014-03-30 18:20 . 2014-03-30 18:21 -------- d-----w- c:\users\Wayne\AppData\Local\Avg2013
2014-03-30 18:20 . 2014-03-30 18:20 -------- d-----w- c:\users\Wayne\AppData\Roaming\TuneUp Software
2014-03-30 18:19 . 2014-03-30 18:19 -------- d-----w- c:\users\Wayne\AppData\Local\MFAData
2014-03-30 18:18 . 2014-03-30 18:18 -------- d-----w- c:\users\Wayne\AppData\Roaming\Malwarebytes
2014-03-30 18:15 . 2014-03-30 18:15 -------- d-----w- c:\users\Wayne\AppData\Roaming\ATI
2014-03-30 18:15 . 2014-03-30 18:15 -------- d-----w- c:\users\Wayne\AppData\Local\ATI
2014-03-30 18:14 . 2014-03-30 19:45 -------- d-----w- c:\users\Wayne\AppData\Roaming\Hewlett-Packard
2014-03-30 18:14 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Roaming\Apple Computer
2014-03-30 18:14 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Local\AOL
2014-03-30 18:13 . 2014-04-01 09:40 -------- d-----w- c:\users\Wayne\AppData\Local\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 08:43 . 2012-11-12 23:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 08:43 . 2011-06-03 21:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-03 05:22 . 2013-04-13 15:56 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-01-23 16:49 . 2012-03-09 16:13 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HostManager"="c:\program files (x86)\Common Files\AOL\1269351362\ee\AOLSoftware.exe" [2010-03-08 41800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdnserv.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 08:43]
.
2014-04-01 c:\windows\Tasks\HPCeeScheduleForMelanie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-04-01 c:\windows\Tasks\HPCeeScheduleForWayne.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [bU]
"lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2010-02-04 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-12 21720]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\
FF - ExtSQL: !HIDDEN! 2012-09-08 13:45; kaffxtbr@CelebSauce.com; c:\program files (x86)\CelebSauce\bar\1.bin
FF - ExtSQL: !HIDDEN! 2013-02-05 21:57; v4ffxtbr@DictionaryBoss.com; c:\program files (x86)\DictionaryBoss\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AZFworks - c:\users\Melanie\AppData\Local\AZFworks\ASMct217I.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-01 20:24:44
ComboFix-quarantined-files.txt 2014-04-02 00:24
ComboFix2.txt 2014-04-01 00:54
ComboFix3.txt 2014-03-31 21:26
.
Pre-Run: 235,802,374,144 bytes free
Post-Run: 236,213,448,704 bytes free
.
- - End Of File - - B01A3823DEECBE63ACFF189278228FE2

Link to comment
Share on other sites
Tomk_ Contributor

Tomk_

Posted
Posted

Hmm... It didn't even try to work. Let's try one more time... and if no go, then we will have to try something different.

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    FireFox::
FF - ExtSQL: !HIDDEN! 2012-09-08 13:45; kaffxtbr@CelebSauce.com; C:\Program Files (x86)\CelebSauce\bar\1.bin
FF - ExtSQL: !HIDDEN! 2013-02-05 21:57; v4ffxtbr@DictionaryBoss.com; C:\Program Files (x86)\DictionaryBoss\bar\1.bin 

Folder::
C:\Program Files (x86)\CelebSauce
C:\Program Files (x86)\DictionaryBoss
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

ComboFix 14-03-24.01 - Melanie 04/01/2014 22:01:47.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2535 [GMT -4:00]
Running from: c:\users\Wayne\Downloads\ComboFix.exe
Command switches used :: c:\users\Wayne\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-03-02 to 2014-04-02 )))))))))))))))))))))))))))))))
.
.
2014-04-02 02:38 . 2014-04-02 02:38 -------- d-----w- c:\users\Wayne\AppData\Local\temp
2014-04-02 02:38 . 2014-04-02 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-01 16:19 . 2014-04-01 16:19 -------- d-----w- c:\program files (x86)\ESET
2014-04-01 15:54 . 2014-04-01 15:54 -------- d-----w- c:\users\Wayne\AppData\Local\Diagnostics
2014-04-01 02:15 . 2014-04-01 02:19 -------- d-----w- C:\AdwCleaner
2014-04-01 01:56 . 2014-04-01 01:56 -------- d-----w- c:\windows\ERUNT
2014-03-31 18:17 . 2014-03-31 18:17 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-31 03:51 . 2013-10-17 15:32 20472 ----a-w- c:\windows\system32\Spool\prtprocs\x64\TeamViewer_PrintProcessor.dll
2014-03-31 03:50 . 2014-03-31 03:50 -------- d-----w- c:\program files (x86)\TeamViewer
2014-03-31 00:57 . 2014-03-31 00:57 388096 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-31 00:57 . 2014-03-31 00:57 -------- d-----w- c:\program files (x86)\Trend Micro
2014-03-30 21:34 . 2014-03-31 00:57 -------- d-----w- c:\users\Wayne\AppData\Local\VirtualStore
2014-03-30 19:52 . 2014-03-30 19:52 -------- d-----w- c:\programdata\Sophos
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-30 19:52 . 2014-03-30 19:52 73728 ----a-r- c:\users\Wayne\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-03-30 19:51 . 2014-03-30 19:51 -------- d-----w- c:\program files (x86)\Sophos
2014-03-30 19:44 . 2014-03-05 13:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-30 19:44 . 2014-03-05 13:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-30 19:44 . 2014-03-05 13:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-30 19:44 . 2014-03-30 19:44 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-03-30 18:34 . 2014-04-01 22:12 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 18:33 . 2014-03-30 18:33 -------- d-----w- c:\users\Wayne\AppData\Local\CrashDumps
2014-03-30 18:33 . 2014-03-30 18:33 -------- d-----w- c:\users\Wayne\AppData\Local\Macromedia
2014-03-30 18:32 . 2014-03-31 23:57 -------- d-----w- c:\users\Wayne\AppData\Local\Mozilla
2014-03-30 18:26 . 2014-03-30 18:26 -------- d-----w- c:\users\Wayne\AppData\Local\Programs
2014-03-30 18:20 . 2014-03-30 18:21 -------- d-----w- c:\users\Wayne\AppData\Local\Avg2013
2014-03-30 18:20 . 2014-03-30 18:20 -------- d-----w- c:\users\Wayne\AppData\Roaming\TuneUp Software
2014-03-30 18:19 . 2014-03-30 18:19 -------- d-----w- c:\users\Wayne\AppData\Local\MFAData
2014-03-30 18:18 . 2014-03-30 18:18 -------- d-----w- c:\users\Wayne\AppData\Roaming\Malwarebytes
2014-03-30 18:15 . 2014-03-30 18:15 -------- d-----w- c:\users\Wayne\AppData\Roaming\ATI
2014-03-30 18:15 . 2014-03-30 18:15 -------- d-----w- c:\users\Wayne\AppData\Local\ATI
2014-03-30 18:14 . 2014-03-30 19:45 -------- d-----w- c:\users\Wayne\AppData\Roaming\Hewlett-Packard
2014-03-30 18:14 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Roaming\Apple Computer
2014-03-30 18:14 . 2014-03-30 18:14 -------- d-----w- c:\users\Wayne\AppData\Local\AOL
2014-03-30 18:13 . 2014-04-01 09:40 -------- d-----w- c:\users\Wayne\AppData\Local\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 08:43 . 2012-11-12 23:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 08:43 . 2011-06-03 21:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-03 05:22 . 2013-04-13 15:56 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-01-23 16:49 . 2012-03-09 16:13 92488 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HostManager"="c:\program files (x86)\Common Files\AOL\1269351362\ee\AOLSoftware.exe" [2010-03-08 41800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdnserv.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 08:43]
.
2014-04-01 c:\windows\Tasks\HPCeeScheduleForMelanie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-04-01 c:\windows\Tasks\HPCeeScheduleForWayne.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [bU]
"lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2010-02-04 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-12 21720]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\
FF - ExtSQL: !HIDDEN! 2012-09-08 13:45; kaffxtbr@CelebSauce.com; c:\program files (x86)\CelebSauce\bar\1.bin
FF - ExtSQL: !HIDDEN! 2013-02-05 21:57; v4ffxtbr@DictionaryBoss.com; c:\program files (x86)\DictionaryBoss\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-01 22:40:43
ComboFix-quarantined-files.txt 2014-04-02 02:40
ComboFix2.txt 2014-04-01 00:54
ComboFix3.txt 2014-03-31 21:26
.
Pre-Run: 236,352,131,072 bytes free
Post-Run: 236,292,149,248 bytes free
.
- - End Of File - - 6A8E07C0E4CC70E3DF69314BD185D21D

Link to comment
Share on other sites
Tomk_ Contributor

Tomk_

Posted
Posted

Well bummer.... let's get a scan from a different tool.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Link to comment
Share on other sites
wkandravi Newbie

wkandravi

Posted
  • Author
Posted

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Melanie (administrator) on MELANIE-PC on 02-04-2014 06:00:09
Running from C:\Users\Melanie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Lexmark International, Inc.) C:\Windows\system32\spool\DRIVERS\x64\3\lxdnserv.exe
( ) C:\Windows\system32\lxdncoms.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\1269351362\ee\aolsoftware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-04] (Realtek Semiconductor)
HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [lxdnmon.exe] - "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
HKLM\...\Run: [lxdnamon] - C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-04] ()
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1269351362\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKU\S-1-5-21-3804815134-1290454183-1668720314-1001\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE [42320 2011-01-13] (AOL Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {053A3BF2-AE78-4A18-9A27-E3A4EF0C6669} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {053A3BF2-AE78-4A18-9A27-E3A4EF0C6669} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aol-chromesbox-en-us&tb_uuid=20100323133653742&tb_oid=23-03-2010&tb_mrud=24-06-2011
SearchScopes: HKCU - {053A3BF2-AE78-4A18-9A27-E3A4EF0C6669} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {260ED6E3-2E55-6908-9EF8-A818F9075963} URL = http://www.bing.com/search?q={searchTerms}&pc=Z211&form=ZGAIDF&install_date=20111121&iesrc={referrer:source}
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aol-chromesbox-en-us&tb_uuid=20100323133653742&tb_oid=23-03-2010&tb_mrud=24-06-2011
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={25D99A8D-853E-425F-B221-3FC6FAD554AB}&mid=377d47a3c3cbf0b2b24f6b573678ddbf-f39fbe528ad6a0039c512eff6c1b0a170ad1ab36&lang=us&ds=AVG&pr=fr&d=2011-12-11 08:48:03&v=9.0.0.18&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {98d8c683-126b-4a29-816d-853af6e31c3f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z6xdm002YYus&ptnrS=Z6xdm002YYus&si=CMnjx7DEprICFQhN4Aod7SgAaw&ptb=526852E6-909C-454A-9AE5-49536CE8D8CB&psa=&ind=2012090813&st=sb&n=77ee11bd&searchfor={searchTerms}
SearchScopes: HKCU - {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111001&iesrc={referrer:source}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80357&lng=en
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @CelebSauce.com/Plugin - C:\Program Files (x86)\CelebSauce\bar\1.bin\NPkaStub.dll No File
FF Plugin-x32: @DictionaryBoss.com/Plugin - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\searchplugins\inbox-search.xml
FF Extension: CelebSauce - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\Extensions\kaffxtbr@CelebSauce.com [2014-02-27]
FF Extension: DictionaryBoss - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\jd4ubnk1.default\Extensions\v4ffxtbr@DictionaryBoss.com [2014-02-27]
FF HKLM-x32\...\Firefox\Extensions: [kaffxtbr@CelebSauce.com] - C:\Program Files (x86)\CelebSauce\bar\1.bin

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultSearchURL: http://isearch.avg.com/search?cid={6F5006E6-11C5-47C1-ACE4-0E369BEBFC99}&mid=377d47a3c3cbf0b2b24f6b573678ddbf-f39fbe528ad6a0039c512eff6c1b0a170ad1ab36&lang=en&ds=AVG&pr=fr&d=2013-04-13 11:56:51&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (HP Product Detection Plugin) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-07-04]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22]

==================== Services (Whitelisted) =================

R2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [218432 2010-12-02] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-02 06:00 - 2014-04-02 06:00 - 00013984 _____ () C:\Users\Melanie\Desktop\FRST.txt
2014-04-02 05:59 - 2014-04-02 06:00 - 00000000 ____D () C:\FRST
2014-04-02 05:59 - 2014-04-02 05:58 - 02157056 _____ (Farbar) C:\Users\Melanie\Desktop\FRST64.exe
2014-04-02 05:58 - 2014-04-02 05:58 - 02157056 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64.exe
2014-04-01 22:40 - 2014-04-01 22:40 - 00016174 _____ () C:\ComboFix.txt
2014-04-01 21:58 - 2014-04-01 21:58 - 00000326 _____ () C:\Users\Melanie\Downloads\CFScript.txt
2014-04-01 20:24 - 2014-04-01 20:24 - 00016261 _____ () C:\ComboFix_OLD.txt
2014-04-01 18:53 - 2014-04-01 18:53 - 00006985 _____ () C:\Users\Melanie\Desktop\attach.txt
2014-04-01 18:53 - 2014-04-01 18:52 - 00010801 _____ () C:\Users\Melanie\Desktop\dds.txt
2014-04-01 16:59 - 2014-04-01 16:59 - 00000385 _____ () C:\Users\Wayne\Desktop\ESET_Scan.txt
2014-04-01 12:19 - 2014-04-01 12:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-01 11:59 - 2014-04-01 11:59 - 02347384 _____ (ESET) C:\Users\Wayne\Downloads\esetsmartinstaller_enu.exe
2014-04-01 05:40 - 2014-04-01 17:03 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForWayne.job
2014-04-01 05:40 - 2014-04-01 05:40 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForWayne
2014-03-31 22:21 - 2014-03-31 22:21 - 00015077 _____ () C:\Users\Wayne\Desktop\AdwCleaner[s0].txt
2014-03-31 22:15 - 2014-03-31 22:19 - 00000000 ____D () C:\AdwCleaner
2014-03-31 22:07 - 2014-03-31 22:07 - 00008160 _____ () C:\Users\Wayne\Desktop\JRT.txt
2014-03-31 21:57 - 2014-03-31 21:56 - 01950720 _____ () C:\Users\Wayne\Desktop\AdwCleaner.exe
2014-03-31 21:56 - 2014-03-31 21:56 - 01950720 _____ () C:\Users\Wayne\Downloads\AdwCleaner.exe
2014-03-31 21:56 - 2014-03-31 21:56 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 21:55 - 2014-03-31 21:55 - 01038974 _____ (Thisisu) C:\Users\Wayne\Downloads\JRT.exe
2014-03-31 21:55 - 2014-03-31 21:55 - 01038974 _____ (Thisisu) C:\Users\Wayne\Desktop\JRT.exe
2014-03-31 19:10 - 2014-03-31 19:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 17:06 - 2014-03-31 17:06 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-03-31 16:09 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-31 16:09 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-31 16:09 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-31 16:09 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-31 16:09 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-31 16:09 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-31 16:09 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-31 16:09 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-31 16:07 - 2014-04-01 22:40 - 00000000 ____D () C:\Qoobox
2014-03-31 16:07 - 2014-03-31 17:24 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 16:05 - 2014-03-31 16:05 - 00166454 _____ () C:\Users\Wayne\Desktop\TDSSKiller.3.0.0.26_31.03.2014_14.04.42_log.zip
2014-03-31 16:00 - 2014-03-31 16:00 - 05192353 ____R (Swearware) C:\Users\Wayne\Downloads\ComboFix.exe
2014-03-31 14:17 - 2014-03-31 14:17 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-31 13:48 - 2014-03-31 13:48 - 00000000 ____D () C:\Users\Wayne\Downloads\tdsskiller
2014-03-31 13:45 - 2014-03-31 13:45 - 04113320 _____ () C:\Users\Wayne\Downloads\tdsskiller.zip
2014-03-31 13:45 - 2014-03-31 13:45 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Wayne\Downloads\tdsskiller.exe
2014-03-31 11:43 - 2014-03-31 11:43 - 00015549 _____ () C:\Users\Wayne\Desktop\attach.txt
2014-03-31 11:43 - 2014-03-31 11:43 - 00014601 _____ () C:\Users\Wayne\Desktop\dds.txt
2014-03-31 11:39 - 2014-03-31 11:39 - 00688992 ____R (Swearware) C:\Users\Wayne\Downloads\dds.com
2014-03-30 23:50 - 2014-03-30 23:50 - 00001128 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-30 23:50 - 2014-03-30 23:50 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-30 23:49 - 2014-03-30 23:49 - 06088072 _____ (TeamViewer GmbH) C:\Users\Wayne\Downloads\TeamViewer_Setup_en.exe
2014-03-30 23:25 - 2014-03-30 23:25 - 00049448 _____ () C:\Users\Wayne\Desktop\SophosVirusRemovalTool.txt
2014-03-30 23:06 - 2014-03-30 23:06 - 00008747 _____ () C:\Users\Wayne\Desktop\hijackthis.txt
2014-03-30 21:39 - 2014-03-30 21:39 - 00000000 ____D () C:\Users\Wayne\Downloads\lspfix
2014-03-30 21:38 - 2014-03-30 21:38 - 00201030 _____ () C:\Users\Wayne\Downloads\lspfix.zip
2014-03-30 20:57 - 2014-03-30 20:57 - 00002975 _____ () C:\Users\Wayne\Desktop\HiJackThis.lnk
2014-03-30 20:57 - 2014-03-30 20:57 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-30 20:57 - 2014-03-30 20:57 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-30 20:52 - 2014-03-30 20:52 - 01402880 _____ () C:\Users\Wayne\Downloads\HijackThis.msi
2014-03-30 17:34 - 2014-03-30 20:57 - 00000000 ____D () C:\Users\Wayne\AppData\Local\VirtualStore
2014-03-30 15:52 - 2014-03-30 15:52 - 00003205 _____ () C:\Users\Wayne\Desktop\Sophos Virus Removal Tool.lnk
2014-03-30 15:52 - 2014-03-30 15:52 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-03-30 15:52 - 2014-03-30 15:52 - 00000000 ____D () C:\ProgramData\Sophos
2014-03-30 15:51 - 2014-03-30 15:51 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-03-30 15:50 - 2014-03-30 15:50 - 90072576 _____ (Sophos Limited) C:\Users\Wayne\Downloads\Sophos Virus Removal Tool.exe
2014-03-30 15:44 - 2014-03-30 15:44 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 15:44 - 2014-03-30 15:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 15:44 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 15:44 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-30 15:44 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-30 14:56 - 2014-03-30 14:56 - 04471880 _____ (AVG Technologies) C:\Users\Wayne\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-30 14:34 - 2014-04-01 18:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 14:33 - 2014-03-30 14:33 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 14:33 - 2014-03-30 14:33 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Macromedia
2014-03-30 14:33 - 2014-03-30 14:33 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Macromedia
2014-03-30 14:33 - 2014-03-30 14:33 - 00000000 ____D () C:\Users\Wayne\AppData\Local\CrashDumps
2014-03-30 14:32 - 2014-03-31 19:57 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Mozilla
2014-03-30 14:32 - 2014-03-30 14:32 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Mozilla
2014-03-30 14:23 - 2014-03-30 14:23 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Adobe
2014-03-30 14:20 - 2014-03-30 14:21 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Avg2013
2014-03-30 14:20 - 2014-03-30 14:20 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\TuneUp Software
2014-03-30 14:19 - 2014-03-30 14:19 - 00000000 ____D () C:\Users\Wayne\AppData\Local\MFAData
2014-03-30 14:18 - 2014-03-30 14:18 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Malwarebytes
2014-03-30 14:15 - 2014-03-31 01:12 - 00089304 _____ () C:\Users\Wayne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-30 14:15 - 2014-03-30 14:15 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\ATI
2014-03-30 14:15 - 2014-03-30 14:15 - 00000000 ____D () C:\Users\Wayne\AppData\Local\ATI
2014-03-30 14:14 - 2014-03-30 15:45 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Hewlett-Packard
2014-03-30 14:14 - 2014-03-30 14:14 - 00001415 _____ () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-30 14:14 - 2014-03-30 14:14 - 00001409 _____ () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-30 14:14 - 2014-03-30 14:14 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Apple Computer
2014-03-30 14:14 - 2014-03-30 14:14 - 00000000 ____D () C:\Users\Wayne\AppData\Local\AOL
2014-03-30 14:13 - 2014-04-01 05:40 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Hewlett-Packard
2014-03-30 14:13 - 2014-03-30 14:14 - 00000000 ___RD () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 14:13 - 2014-03-30 14:14 - 00000000 ___RD () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-25 10:22 - 2014-03-25 10:22 - 00002966 _____ () C:\Windows\System32\Tasks\{97267662-1DD8-48AB-8227-DFB57AAEEFDE}
2014-03-25 10:21 - 2014-03-25 10:21 - 00002966 _____ () C:\Windows\System32\Tasks\{3D4AEE9A-C594-401C-95BE-FD7CFC33CFD2}
2014-03-24 14:33 - 2014-03-31 21:39 - 00000072 _____ () C:\Windows\system32\ozoi.xda
2014-03-24 14:22 - 2014-03-24 14:22 - 00000064 _____ () C:\Windows\system32\sflwj.dey
2014-03-24 14:22 - 2014-03-24 14:22 - 00000000 _____ () C:\Windows\system32\uhkq.mtu
2014-03-24 14:06 - 2014-03-24 14:06 - 00230894 ____S () C:\Windows\system32\boxn.xod

==================== One Month Modified Files and Folders =======

2014-04-02 06:00 - 2014-04-02 06:00 - 00013984 _____ () C:\Users\Melanie\Desktop\FRST.txt
2014-04-02 06:00 - 2014-04-02 05:59 - 00000000 ____D () C:\FRST
2014-04-02 05:58 - 2014-04-02 05:59 - 02157056 _____ (Farbar) C:\Users\Melanie\Desktop\FRST64.exe
2014-04-02 05:58 - 2014-04-02 05:58 - 02157056 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64.exe
2014-04-02 05:43 - 2012-11-12 19:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-02 05:38 - 2010-01-26 15:21 - 01592678 _____ () C:\Windows\WindowsUpdate.log
2014-04-02 00:36 - 2011-07-24 15:09 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForMelanie.job
2014-04-01 22:40 - 2014-04-01 22:40 - 00016174 _____ () C:\ComboFix.txt
2014-04-01 22:40 - 2014-03-31 16:07 - 00000000 ____D () C:\Qoobox
2014-04-01 22:38 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-01 21:58 - 2014-04-01 21:58 - 00000326 _____ () C:\Users\Melanie\Downloads\CFScript.txt
2014-04-01 20:25 - 2010-03-22 21:47 - 00000000 ____D () C:\Users\Melanie\AppData\Local\CrashDumps
2014-04-01 20:24 - 2014-04-01 20:24 - 00016261 _____ () C:\ComboFix_OLD.txt
2014-04-01 18:53 - 2014-04-01 18:53 - 00006985 _____ () C:\Users\Melanie\Desktop\attach.txt
2014-04-01 18:52 - 2014-04-01 18:53 - 00010801 _____ () C:\Users\Melanie\Desktop\dds.txt
2014-04-01 18:12 - 2014-03-30 14:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 17:28 - 2010-03-25 12:36 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Mozilla
2014-04-01 17:10 - 2010-03-22 20:50 - 00000000 ___RD () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-01 17:10 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 17:10 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 17:09 - 2010-03-22 20:49 - 00089304 _____ () C:\Users\Melanie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-01 17:07 - 2009-07-14 01:13 - 00783620 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 17:03 - 2014-04-01 05:40 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForWayne.job
2014-04-01 17:03 - 2012-09-03 16:03 - 00015295 _____ () C:\Windows\setupact.log
2014-04-01 17:03 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 17:02 - 2012-09-11 10:59 - 00153536 _____ () C:\Windows\PFRO.log
2014-04-01 16:59 - 2014-04-01 16:59 - 00000385 _____ () C:\Users\Wayne\Desktop\ESET_Scan.txt
2014-04-01 12:19 - 2014-04-01 12:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-01 11:59 - 2014-04-01 11:59 - 02347384 _____ (ESET) C:\Users\Wayne\Downloads\esetsmartinstaller_enu.exe
2014-04-01 05:40 - 2014-04-01 05:40 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForWayne
2014-04-01 05:40 - 2014-03-30 14:13 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Hewlett-Packard
2014-03-31 22:21 - 2014-03-31 22:21 - 00015077 _____ () C:\Users\Wayne\Desktop\AdwCleaner[s0].txt
2014-03-31 22:20 - 2012-07-10 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 22:19 - 2014-03-31 22:15 - 00000000 ____D () C:\AdwCleaner
2014-03-31 22:07 - 2014-03-31 22:07 - 00008160 _____ () C:\Users\Wayne\Desktop\JRT.txt
2014-03-31 21:56 - 2014-03-31 21:57 - 01950720 _____ () C:\Users\Wayne\Desktop\AdwCleaner.exe
2014-03-31 21:56 - 2014-03-31 21:56 - 01950720 _____ () C:\Users\Wayne\Downloads\AdwCleaner.exe
2014-03-31 21:56 - 2014-03-31 21:56 - 00000000 ____D () C:\Windows\ERUNT
2014-03-31 21:55 - 2014-03-31 21:55 - 01038974 _____ (Thisisu) C:\Users\Wayne\Downloads\JRT.exe
2014-03-31 21:55 - 2014-03-31 21:55 - 01038974 _____ (Thisisu) C:\Users\Wayne\Desktop\JRT.exe
2014-03-31 21:39 - 2014-03-24 14:33 - 00000072 _____ () C:\Windows\system32\ozoi.xda
2014-03-31 19:57 - 2014-03-30 14:32 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Mozilla
2014-03-31 19:11 - 2014-03-31 19:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 17:26 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-03-31 17:24 - 2014-03-31 16:07 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 17:08 - 2013-04-13 11:37 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-31 17:06 - 2014-03-31 17:06 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-03-31 16:05 - 2014-03-31 16:05 - 00166454 _____ () C:\Users\Wayne\Desktop\TDSSKiller.3.0.0.26_31.03.2014_14.04.42_log.zip
2014-03-31 16:00 - 2014-03-31 16:00 - 05192353 ____R (Swearware) C:\Users\Wayne\Downloads\ComboFix.exe
2014-03-31 14:17 - 2014-03-31 14:17 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-31 13:48 - 2014-03-31 13:48 - 00000000 ____D () C:\Users\Wayne\Downloads\tdsskiller
2014-03-31 13:45 - 2014-03-31 13:45 - 04113320 _____ () C:\Users\Wayne\Downloads\tdsskiller.zip
2014-03-31 13:45 - 2014-03-31 13:45 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Wayne\Downloads\tdsskiller.exe
2014-03-31 11:43 - 2014-03-31 11:43 - 00015549 _____ () C:\Users\Wayne\Desktop\attach.txt
2014-03-31 11:43 - 2014-03-31 11:43 - 00014601 _____ () C:\Users\Wayne\Desktop\dds.txt
2014-03-31 11:39 - 2014-03-31 11:39 - 00688992 ____R (Swearware) C:\Users\Wayne\Downloads\dds.com
2014-03-31 10:00 - 2010-03-22 23:24 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-03-31 01:12 - 2014-03-30 14:15 - 00089304 _____ () C:\Users\Wayne\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 01:10 - 2009-07-14 00:45 - 00349416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-30 23:50 - 2014-03-30 23:50 - 00001128 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-30 23:50 - 2014-03-30 23:50 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-30 23:49 - 2014-03-30 23:49 - 06088072 _____ (TeamViewer GmbH) C:\Users\Wayne\Downloads\TeamViewer_Setup_en.exe
2014-03-30 23:49 - 2012-03-09 12:13 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-30 23:49 - 2012-03-09 12:13 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-03-30 23:25 - 2014-03-30 23:25 - 00049448 _____ () C:\Users\Wayne\Desktop\SophosVirusRemovalTool.txt
2014-03-30 23:06 - 2014-03-30 23:06 - 00008747 _____ () C:\Users\Wayne\Desktop\hijackthis.txt
2014-03-30 21:39 - 2014-03-30 21:39 - 00000000 ____D () C:\Users\Wayne\Downloads\lspfix
2014-03-30 21:38 - 2014-03-30 21:38 - 00201030 _____ () C:\Users\Wayne\Downloads\lspfix.zip
2014-03-30 20:57 - 2014-03-30 20:57 - 00002975 _____ () C:\Users\Wayne\Desktop\HiJackThis.lnk
2014-03-30 20:57 - 2014-03-30 20:57 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-30 20:57 - 2014-03-30 20:57 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-30 20:57 - 2014-03-30 17:34 - 00000000 ____D () C:\Users\Wayne\AppData\Local\VirtualStore
2014-03-30 20:52 - 2014-03-30 20:52 - 01402880 _____ () C:\Users\Wayne\Downloads\HijackThis.msi
2014-03-30 15:52 - 2014-03-30 15:52 - 00003205 _____ () C:\Users\Wayne\Desktop\Sophos Virus Removal Tool.lnk
2014-03-30 15:52 - 2014-03-30 15:52 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-03-30 15:52 - 2014-03-30 15:52 - 00000000 ____D () C:\ProgramData\Sophos
2014-03-30 15:51 - 2014-03-30 15:51 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-03-30 15:50 - 2014-03-30 15:50 - 90072576 _____ (Sophos Limited) C:\Users\Wayne\Downloads\Sophos Virus Removal Tool.exe
2014-03-30 15:45 - 2014-03-30 14:14 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Hewlett-Packard
2014-03-30 15:44 - 2014-03-30 15:44 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-30 15:44 - 2014-03-30 15:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 15:27 - 2010-03-23 22:31 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\WinBatch
2014-03-30 15:27 - 2010-03-23 09:37 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\AOL
2014-03-30 14:56 - 2014-03-30 14:56 - 04471880 _____ (AVG Technologies) C:\Users\Wayne\Downloads\avg_free_stb_all_2014_4354_cnet.exe
2014-03-30 14:33 - 2014-03-30 14:33 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Wayne\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-30 14:33 - 2014-03-30 14:33 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Macromedia
2014-03-30 14:33 - 2014-03-30 14:33 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Macromedia
2014-03-30 14:33 - 2014-03-30 14:33 - 00000000 ____D () C:\Users\Wayne\AppData\Local\CrashDumps
2014-03-30 14:33 - 2013-07-04 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 14:32 - 2014-03-30 14:32 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Mozilla
2014-03-30 14:25 - 2012-06-29 11:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-30 14:23 - 2014-03-30 14:23 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Adobe
2014-03-30 14:21 - 2014-03-30 14:20 - 00000000 ____D () C:\Users\Wayne\AppData\Local\Avg2013
2014-03-30 14:20 - 2014-03-30 14:20 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\TuneUp Software
2014-03-30 14:19 - 2014-03-30 14:19 - 00000000 ____D () C:\Users\Wayne\AppData\Local\MFAData
2014-03-30 14:18 - 2014-03-30 14:18 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Malwarebytes
2014-03-30 14:15 - 2014-03-30 14:15 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\ATI
2014-03-30 14:15 - 2014-03-30 14:15 - 00000000 ____D () C:\Users\Wayne\AppData\Local\ATI
2014-03-30 14:14 - 2014-03-30 14:14 - 00001415 _____ () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-30 14:14 - 2014-03-30 14:14 - 00001409 _____ () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-30 14:14 - 2014-03-30 14:14 - 00000000 ____D () C:\Users\Wayne\AppData\Roaming\Apple Computer
2014-03-30 14:14 - 2014-03-30 14:14 - 00000000 ____D () C:\Users\Wayne\AppData\Local\AOL
2014-03-30 14:14 - 2014-03-30 14:13 - 00000000 ___RD () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 14:14 - 2014-03-30 14:13 - 00000000 ___RD () C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-30 14:13 - 2012-03-09 12:21 - 00000000 ____D () C:\Users\Wayne
2014-03-30 12:17 - 2013-03-14 06:49 - 00000055 _____ () C:\Users\Melanie\AppData\Roaming\mbam.context.scan
2014-03-25 10:22 - 2014-03-25 10:22 - 00002966 _____ () C:\Windows\System32\Tasks\{97267662-1DD8-48AB-8227-DFB57AAEEFDE}
2014-03-25 10:21 - 2014-03-25 10:21 - 00002966 _____ () C:\Windows\System32\Tasks\{3D4AEE9A-C594-401C-95BE-FD7CFC33CFD2}
2014-03-24 23:46 - 2010-03-22 20:41 - 00000000 ____D () C:\Users\Melanie
2014-03-24 23:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-24 23:44 - 2011-02-22 20:45 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.6
2014-03-24 23:44 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-24 23:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-03-24 14:22 - 2014-03-24 14:22 - 00000064 _____ () C:\Windows\system32\sflwj.dey
2014-03-24 14:22 - 2014-03-24 14:22 - 00000000 _____ () C:\Windows\system32\uhkq.mtu
2014-03-24 14:06 - 2014-03-24 14:06 - 00230894 ____S () C:\Windows\system32\boxn.xod
2014-03-19 20:25 - 2013-02-05 22:57 - 00000000 ____D () C:\Users\Melanie\AppData\Local\DictionaryBoss
2014-03-19 20:21 - 2012-09-08 13:50 - 00000000 ____D () C:\Users\Melanie\AppData\Local\CelebSauce
2014-03-17 16:01 - 2014-01-30 20:07 - 00011862 _____ () C:\Users\Melanie\Documents\Walgreens credit sheet.xlr
2014-03-17 16:01 - 2014-01-10 16:24 - 00017750 _____ () C:\Users\Melanie\Documents\Wd0000022.wps
2014-03-17 16:01 - 2013-06-12 17:17 - 00000000 ____D () C:\Users\Melanie\Downloads\Careers Center - Wellness Ambassador_files
2014-03-17 16:01 - 2012-10-19 19:40 - 00000000 ____D () C:\Users\Melanie\Documents\Trail camera pic
2014-03-17 16:01 - 2012-10-19 19:39 - 06597462 _____ () C:\Users\Melanie\Documents\SUNP0029.zip
2014-03-17 16:01 - 2012-08-16 22:59 - 00000000 ____D () C:\Users\Melanie\Documents\to type letter JSC letterhead
2014-03-17 16:01 - 2011-10-31 10:15 - 00000000 ____D () C:\Users\Melanie\Documents\Slide3
2014-03-17 16:01 - 2011-09-11 20:36 - 00000000 ____D () C:\Users\Melanie\Downloads\Morrisville Kitchen makeover
2014-03-17 16:01 - 2011-09-11 20:22 - 00000000 ____D () C:\Users\Melanie\Downloads\Morrisville Bathroom redue
2014-03-17 16:00 - 2014-02-21 16:40 - 00299606 _____ () C:\Users\Melanie\Documents\LiveDatabaseArea.zip
2014-03-17 16:00 - 2014-02-21 16:40 - 00000000 ____D () C:\Users\Melanie\Documents\LiveDatabaseArea
2014-03-17 16:00 - 2014-01-28 20:32 - 00014166 _____ () C:\Users\Melanie\Documents\Bills resume 2013.wps
2014-03-17 16:00 - 2014-01-15 12:39 - 00010326 _____ () C:\Users\Melanie\Documents\michaels address.wps
2014-03-17 16:00 - 2013-01-20 14:54 - 00011350 _____ () C:\Users\Melanie\Documents\Channel list for Fios.wps
2014-03-17 16:00 - 2012-12-25 20:59 - 05112406 _____ () C:\Users\Melanie\Documents\Christmas at the Sweeneys 2012.zip
2014-03-17 16:00 - 2012-12-25 20:59 - 00000000 ____D () C:\Users\Melanie\Documents\IMG_0382
2014-03-17 16:00 - 2012-12-01 13:47 - 00010838 _____ () C:\Users\Melanie\Documents\michaels sayings.wps
2014-03-17 16:00 - 2012-05-20 06:13 - 01364054 _____ () C:\Users\Melanie\Documents\DSC00005.zip
2014-03-17 16:00 - 2012-02-06 20:17 - 00052566 _____ () C:\Users\Melanie\Documents\New est template for 2012.wps
2014-03-17 16:00 - 2011-10-17 07:24 - 00000000 ____D () C:\Users\Melanie\Documents\MELS STUFF
2014-03-17 16:00 - 2011-10-15 13:24 - 00020054 _____ () C:\Users\Melanie\Documents\2011 2012 Books for JSC.xlr
2014-03-17 16:00 - 2011-10-01 15:35 - 00012630 _____ () C:\Users\Melanie\Documents\JSC Flyer.wps
2014-03-17 16:00 - 2011-08-12 13:23 - 02341462 _____ () C:\Users\Melanie\Documents\ALReportFormInstructions.zip
2014-03-17 16:00 - 2011-08-12 13:23 - 00000000 ____D () C:\Users\Melanie\Documents\Angies List Review Form
2014-03-17 16:00 - 2011-04-16 14:29 - 00016214 _____ () C:\Users\Melanie\Documents\Jones and Sons Letter for angies list.wps
2014-03-17 16:00 - 2010-03-23 09:58 - 00024918 _____ () C:\Users\Melanie\Documents\Estimates for 2011.wps
2014-03-17 15:58 - 2014-02-27 21:21 - 00000000 ____D () C:\Users\Melanie\AppData\Local\AZFworks
2014-03-17 15:58 - 2012-06-08 19:14 - 00000000 ____D () C:\ProgramData\{80E49840-FEC9-4009-B2F2-83DD9B68A990}
2014-03-17 15:57 - 2011-06-03 17:00 - 00000000 ____D () C:\ProgramData\Recovery
2014-03-17 15:52 - 2011-10-29 14:47 - 00000000 ____D () C:\Program Files (x86)\Stamps.com Internet Postage
2014-03-17 15:51 - 2012-07-27 08:49 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-17 15:51 - 2009-11-13 02:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-03-17 15:48 - 2010-08-23 20:08 - 00000000 ____D () C:\Program Files (x86)\Lexmark 2600 Series
2014-03-17 15:46 - 2012-07-27 08:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-17 15:44 - 2009-11-13 01:33 - 00000000 ____D () C:\Program Files (x86)\hp
2014-03-17 15:26 - 2011-10-01 12:22 - 00000000 ____D () C:\Program Files (x86)\Easy Flyer Creator 3.0
2014-03-17 15:02 - 2009-11-13 01:35 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-03-17 15:01 - 2010-03-23 09:35 - 00000000 ____D () C:\Program Files (x86)\AOL 9.5
2014-03-17 15:00 - 2009-11-13 01:58 - 00000000 ____D () C:\Program Files\PC-Doctor for Windows
2014-03-17 14:58 - 2012-07-27 08:53 - 00000000 ____D () C:\Program Files\iPod
2014-03-16 17:54 - 2011-10-30 21:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-16 17:54 - 2010-05-12 09:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-14 18:36 - 2011-07-24 15:09 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMelanie
2014-03-12 04:43 - 2012-11-12 19:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 04:43 - 2012-11-12 19:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 04:43 - 2011-06-03 17:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-06 19:28 - 2010-03-23 22:31 - 00000854 _____ () C:\FINIS_IT.TXT
2014-03-06 13:51 - 2010-03-22 20:56 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Adobe
2014-03-05 09:26 - 2014-03-30 15:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-30 15:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-30 15:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 01:22 - 2013-04-13 11:56 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

Alureon:
C:\Users\Melanie\AppData\Local\Temp\sbbsapw\ssnvdpb\wow.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 02:42

==================== End Of Log ============================

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Melanie at 2014-04-02 06:00:41
Running from C:\Users\Melanie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{EFAE7CBC-804C-6E01-ABD2-EB2127C23D4E}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Easy Flyer Creator 3.0 (HKLM-x32\...\{B07CB2BA-819B-41C5-BBE0-484A4C23972E}) (Version: 3.0.0 - Peridot Technologies)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.2219 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.1.2219 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Product Detection (HKLM-x32\...\{ACAA0152-96A4-4D93-92F5-1B4728C3D984}) (Version: 11.15.0008 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version: - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper 2.0.40 Driver 4.8.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.40 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.8.0 (Version: 4.8.0 - Motorola Inc.) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5932 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
Stamps.com (HKLM-x32\...\Stamps.com) (Version: - Stamps.com, Inc.)
Stamps.com (x32 Version: 9.5.4.2264 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Common Harmony (x32 Version: 6.2.0.1488 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Outlook Express, Works, IE (x32 Version: 6.2.0.1488 - Stamps.com, Inc.) Hidden
Stamps.com support for Harmony (HKLM-x32\...\Stamps.com support for Harmony) (Version: - Stamps.com, Inc.)
Stamps.com support for Outlook Express, Works, IE (HKLM-x32\...\Stamps.com support for Outlook Express, Works, IE) (Version: - Stamps.com, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27339 - TeamViewer)
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version: - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.14 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...