masterrwong

Trojan.Dropper.BCminer

22 posts in this topic

Yup, stupid me, got infected. Google search with random ads. opening and redirect.

I use Win7 and FireFox. Google

Thanks for the help in advance. Read other posts and I must say I am impress with all the helpers.

So there it goes, my DDS logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Royce at 23:09:49 on 2012-06-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.1581 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files (x86)\KeePass Password Safe\KeePass.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskmgr.exe

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=HP_ss&mntrId=7c4e86d40000000000005cac4cf14fbe

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO: ActiveMail: {ef7aed5f-0c26-4820-a570-7da8b6d93f4a} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File

uRun: [KeePass Password Safe] "C:\Program Files (x86)\KeePass Password Safe\KeePass.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Royce\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.15.1

TCP: Interfaces\{D4B29D2F-B4AA-4CA0-8692-AB7ABDF32400} : DhcpNameServer = 192.168.15.1

TCP: Interfaces\{D4B29D2F-B4AA-4CA0-8692-AB7ABDF32400}\56078656D6562716C6D27657563747 : DhcpNameServer = 192.168.3.1

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO-X64: Babylon toolbar helper - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO-X64: ActiveMail: {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll

BHO-X64: ActiveMail - No File

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB-X64: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 7c4e86d40000000000005cac4cf14fbe

FF - user.js: extensions.BabylonToolbar_i.hardId - 7c4e86d40000000000005cac4cf14fbe

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15445

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:02:26

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-26 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-26 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-18 654408]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-26 689472]

R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-26 2320920]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-2 257224]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-06-20 05:12:34 110080 ----a-r- C:\Users\Royce\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe

2012-06-20 05:12:34 110080 ----a-r- C:\Users\Royce\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe

2012-06-20 05:12:34 110080 ----a-r- C:\Users\Royce\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe

2012-06-20 05:12:33 -------- d-----w- C:\sh4ldr

2012-06-20 05:12:33 -------- d-----w- C:\Program Files\Enigma Software Group

2012-06-20 05:11:34 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-06-20 05:11:32 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-06-20 04:41:10 -------- d-----w- C:\Users\Royce\AppData\Local\Macromedia

2012-06-20 04:40:56 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-06-20 04:40:56 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-06-20 04:11:49 -------- d-----w- C:\Users\Royce\AppData\Roaming\Malwarebytes

2012-06-20 04:01:17 -------- d-----w- C:\ProgramData\ActivePath

2012-06-20 04:01:05 -------- d-----w- C:\Program Files (x86)\Giant Savings

2012-06-20 04:00:27 -------- d-----w- C:\Program Files (x86)\Playbryte

2012-06-19 05:02:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-19 05:02:31 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-19 05:02:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-19 04:30:56 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-19 04:30:35 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-19 04:30:20 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-19 04:30:20 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-15 15:56:05 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-15 15:56:03 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-15 15:55:59 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-15 15:55:58 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-15 15:55:57 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-15 15:55:57 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-15 15:55:57 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-15 15:55:57 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-15 15:55:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-15 15:55:04 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-15 15:55:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-15 15:55:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-15 15:54:57 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-15 15:54:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-15 15:54:52 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-15 15:54:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-15 15:54:30 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-10 05:08:39 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-06-02 22:31:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-02 04:26:51 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B999A0D3-D8B3-428E-A732-D381D0F0A327}\mpengine.dll

2012-05-27 04:12:44 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-05-27 04:12:44 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-05-27 04:12:44 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-05-27 04:12:15 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-05-27 04:12:15 -------- d-----w- C:\Program Files\iTunes

2012-05-27 04:12:15 -------- d-----w- C:\Program Files\iPod

2012-05-27 04:12:15 -------- d-----w- C:\Program Files (x86)\iTunes

2012-05-27 04:10:51 -------- d-----w- C:\Program Files\Bonjour

2012-05-27 04:10:51 -------- d-----w- C:\Program Files (x86)\Bonjour

.

==================== Find3M ====================

.

2012-06-20 04:12:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-26 21:24:46 892928 ----a-w- C:\Windows\SysWow64\iconv.dll

2012-03-26 21:24:44 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax

2012-03-26 21:24:44 496640 ----a-w- C:\Windows\SysWow64\xvid.ax

.

============= FINISH: 23:10:15.14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/10/2011 2:12:31 PM

System Uptime: 6/19/2012 9:32:32 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0G62V9

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU 1 | 909/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 343.477 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1292\9&2D793958&0&34159EA00887_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1292\9&2D793958&0&34159EA00887_C00000000

Service:

.

==== System Restore Points ===================

.

RP75: 5/18/2012 9:18:26 PM - Windows Update

RP76: 5/19/2012 3:00:51 AM - Windows Update

RP77: 5/22/2012 9:14:08 PM - Windows Update

RP78: 5/26/2012 9:11:26 PM - Installed iTunes

RP79: 5/29/2012 9:34:14 PM - Windows Update

RP80: 6/11/2012 3:01:04 AM - Windows Update

RP81: 6/16/2012 3:00:46 AM - Windows Update

RP82: 6/18/2012 9:29:52 PM - Windows Update

RP83: 6/19/2012 10:11:40 PM - Installed SpyHunter

.

==== Installed Programs ======================

.

ActiveMail

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Reader 9.1

Advanced Audio FX Engine

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

Babylon toolbar on IE

BabylonObjectInstaller

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

ConverterLite 1.5.0

Cozi

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

Giant Savings

GoToAssist 8.0.0.514

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

iSEEK AnswerWorks English Runtime

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

KeePass Password Safe 1.18

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee Security Scan Plus

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 11.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PlayBryte

Quicken 2011

Quicken 2012

Roxio Burn

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype Toolbars

Skype™ 4.2

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WildTangent Games

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

6/19/2012 9:34:42 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

6/19/2012 9:34:42 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

6/19/2012 9:33:30 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

6/19/2012 9:33:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

6/19/2012 9:33:25 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

6/17/2012 4:30:40 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Hello masterrwong and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Everything will be fine, don't worry. :)

Step 1

Please uninstall the following applications:

Babylon toolbar on IE

BabylonObjectInstaller

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Share this post


Link to post
Share on other sites

Thanks for the response. Here are the logs from OTL.

OTL logfile created on: 6/20/2012 8:52:07 PM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Royce\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 53.43% Memory free

7.73 Gb Paging File | 5.42 Gb Available in Paging File | 70.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.01 Gb Total Space | 343.31 Gb Free Space | 76.12% Space Free | Partition Type: NTFS

Drive D: | 1023.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HAYDEN-PC | User Name: Royce | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/20 20:50:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Royce\Desktop\OTL.exe

PRC - [2012/06/19 21:40:56 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/06/19 21:12:15 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010/09/01 10:21:44 | 000,787,456 | ---- | M] (Dominik Reichl) -- C:\Program Files (x86)\KeePass Password Safe\KeePass.exe

PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2010/08/11 16:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

PRC - [2010/06/08 08:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/06/08 08:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/03 12:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/03/03 12:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/02/09 11:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/12/29 12:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2009/10/15 01:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/09/18 02:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE

PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/19 21:40:56 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/06/19 21:12:15 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

MOD - [2012/06/16 03:35:04 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll

MOD - [2012/06/16 03:34:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/16 03:34:24 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/19 03:40:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012/05/19 03:40:44 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\06269663e6482bc4ceeb48c2a7d1ad34\IAStorUtil.ni.dll

MOD - [2012/05/19 03:30:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/19 03:29:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/19 03:29:32 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a1a2e47980512815b030fce9a53cc4c8\System.Xml.ni.dll

MOD - [2012/05/19 03:29:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/19 03:29:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/19 03:29:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2010/08/11 16:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll

MOD - [2010/08/11 16:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll

MOD - [2010/08/11 16:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll

MOD - [2010/08/11 16:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll

MOD - [2010/08/11 16:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

MOD - [2010/08/11 16:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll

MOD - [2010/08/11 16:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll

MOD - [2010/08/11 16:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

MOD - [2010/02/09 11:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2010/02/09 11:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2010/02/09 11:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2010/02/09 11:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2010/02/09 11:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

MOD - [2010/02/09 11:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

MOD - [2009/10/15 01:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

MOD - [2009/10/15 01:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll

MOD - [2009/09/27 22:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/02 14:59:36 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)

SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2010/06/01 23:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/02/02 23:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

SRV:64bit: - [2009/12/29 12:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2012/06/19 21:12:15 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/10/26 01:42:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/10/26 01:32:29 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2010/06/08 08:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 12:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/03/03 12:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/09/18 02:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010/06/08 08:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/06/01 23:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/06/01 23:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/06/01 22:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/05/06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/03/30 12:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010/03/30 12:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2010/03/30 12:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010/03/30 12:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2010/03/30 12:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010/03/17 14:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/03/17 14:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/03/17 14:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/02/02 23:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)

DRV:64bit: - [2010/02/02 23:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)

DRV:64bit: - [2010/02/02 23:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/09/17 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=HP_ss&mntrId=7c4e86d40000000000005cac4cf14fbe

IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=050412_30b&babsrc=SP_ss&mntrId=7c4e86d40000000000005cac4cf14fbe

IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 21:40:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/20 18:58:38 | 000,000,000 | ---D | M]

[2011/03/15 22:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Royce\AppData\Roaming\Mozilla\Extensions

[2012/06/19 22:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions

[2012/06/19 22:24:11 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com

[2012/06/19 21:01:06 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com

[2012/02/20 18:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/19 21:40:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/16 22:17:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/06/19 21:01:03 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.

O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003..\Run: [KeePass Password Safe] C:\Program Files (x86)\KeePass Password Safe\KeePass.exe (Dominik Reichl)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\Royce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4B29D2F-B4AA-4CA0-8692-AB7ABDF32400}: DhcpNameServer = 192.168.15.1

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/20 20:50:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Royce\Desktop\OTL.exe

[2012/06/19 23:08:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Royce\Desktop\dds.com

[2012/06/19 22:12:34 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

[2012/06/19 22:12:33 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2012/06/19 22:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2012/06/19 22:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2012/06/19 21:41:10 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Local\Macromedia

[2012/06/19 21:11:49 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Roaming\Malwarebytes

[2012/06/19 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Roaming\dvdcss

[2012/06/19 21:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePath

[2012/06/19 21:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings

[2012/06/19 21:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Playbryte

[2012/06/18 22:02:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/06/18 22:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/18 22:02:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/18 22:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/11 09:52:23 | 000,000,000 | ---D | C] -- C:\Users\Royce\AppData\Roaming\Apple Computer

[2012/05/26 21:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/05/26 21:12:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012/05/26 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2012/05/26 21:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012/05/26 21:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/05/26 21:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/05/26 21:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012/05/26 21:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2012/05/26 21:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/20 20:50:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Royce\Desktop\OTL.exe

[2012/06/20 20:49:03 | 000,000,025 | ---- | M] () -- C:\Users\Royce\Documents\KeePass Work Database.kdb.lock

[2012/06/20 20:44:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/20 20:44:55 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job

[2012/06/20 20:44:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/19 23:08:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Royce\Desktop\dds.com

[2012/06/19 22:12:34 | 000,002,260 | ---- | M] () -- C:\Users\Royce\Desktop\SpyHunter.lnk

[2012/06/19 21:40:59 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/19 21:40:59 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/19 21:40:50 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/19 21:40:50 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/19 21:40:50 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/19 21:32:45 | 3113,234,432 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/19 21:02:26 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\ConverterLite.lnk

[2012/06/19 21:01:18 | 000,000,501 | ---- | M] () -- C:\user.js

[2012/06/18 22:02:31 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/16 03:31:13 | 000,271,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/05/31 11:06:16 | 000,435,388 | ---- | M] () -- C:\Users\Royce\Documents\KeePass Work Database.kdb

[2012/05/26 21:12:46 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/19 22:51:24 | 000,000,025 | ---- | C] () -- C:\Users\Royce\Documents\KeePass Work Database.kdb.lock

[2012/06/19 22:12:34 | 000,002,260 | ---- | C] () -- C:\Users\Royce\Desktop\SpyHunter.lnk

[2012/06/19 21:38:11 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@

[2012/06/19 21:01:19 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\ActiveMail Updater.job

[2012/06/18 22:02:31 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/02 15:31:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/02 15:30:58 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@

[2012/06/02 15:30:57 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@

[2012/06/02 15:30:57 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@

[2012/06/02 15:30:52 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@

[2012/06/02 15:30:49 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@

[2012/06/02 15:30:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@

[2012/05/26 21:12:46 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/05/26 21:11:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012/01/10 22:12:37 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@

[2012/01/10 22:12:37 | 000,002,048 | -HS- | C] () -- C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@

[2011/11/09 20:26:02 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2011/04/29 18:17:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/03/10 15:18:13 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/10/26 03:28:55 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/10/26 03:26:00 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini

[2010/10/26 03:26:00 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini

[2010/10/26 03:26:00 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini

[2010/10/26 03:26:00 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini

[2010/10/26 03:26:00 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini

[2010/10/26 03:26:00 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini

[2010/10/26 03:26:00 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini

[2010/10/26 01:39:50 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2010/10/26 00:43:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/06/19 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\Babylon

[2012/06/19 21:01:37 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\BabylonToolbar

[2012/06/19 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\ConverterLite

[2011/03/16 10:47:24 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\KeePass

[2012/04/15 12:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\SoftGrid Client

[2011/03/10 15:19:01 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\TP

[2012/04/15 11:01:56 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\Babylon

[2012/06/19 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\ConverterLite

[2011/07/31 11:49:31 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\KeePass

[2011/10/22 10:08:31 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\Windows Live Writer

[2012/04/15 10:54:29 | 000,000,000 | ---D | M] -- C:\Users\Royce\AppData\Roaming\Wondershare Video Converter Platinum

[2012/06/20 20:44:55 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\ActiveMail Updater.job

[2009/07/13 22:08:49 | 000,018,296 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/20/2012 8:52:15 PM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Royce\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 53.43% Memory free

7.73 Gb Paging File | 5.42 Gb Available in Paging File | 70.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.01 Gb Total Space | 343.31 Gb Free Space | 76.12% Space Free | Partition Type: NTFS

Drive D: | 1023.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HAYDEN-PC | User Name: Royce | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2318586025-2754874566-3958745835-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs

"{18F97AF0-4F88-4494-AFE2-5A5702E142CC}" = SpyHunter

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)

"DW WLAN Card Utility" = DW WLAN Card Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012

"{0E42A955-54D0-49CB-9ABA-78B506F88436}" = ActiveMail

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime

"{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese

"{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common

"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding

"{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista

"{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean

"{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English

"{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"ConverterLite" = ConverterLite 1.5.0

"Dell Dock" = Dell Dock

"Dell Webcam Central" = Dell Webcam Central

"Giant Savings" = Giant Savings

"GoToAssist" = GoToAssist 8.0.0.514

"KeePass Password Safe_is1" = KeePass Password Safe 1.18

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Playbryte" = PlayBryte

"WildTangent dell Master Uninstall" = WildTangent Games

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/31/2012 8:37:11 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5117

Error - 5/31/2012 8:37:11 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5117

Error - 5/31/2012 8:37:12 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/31/2012 8:37:12 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6115

Error - 5/31/2012 8:37:12 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6115

Error - 5/31/2012 8:37:13 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/31/2012 8:37:13 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 7113

Error - 5/31/2012 8:37:13 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 7113

Error - 5/31/2012 8:37:14 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/31/2012 8:37:14 PM | Computer Name = Hayden-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 8143

[ Broadcom Wireless LAN Events ]

Error - 6/19/2012 1:12:04 AM | Computer Name = Hayden-PC | Source = WLAN-Tray | ID = 0

Description = 22:12:00, Mon, Jun 18, 12 Error - Unable to gain access to user store

[ Dell Events ]

Error - 3/12/2011 12:55:18 AM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 3/15/2011 11:22:37 AM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 3/15/2011 11:22:37 AM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 4/27/2011 5:43:29 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 4/27/2011 5:43:29 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 5/7/2011 4:48:08 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 5/7/2011 4:48:08 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 6/9/2011 10:36:37 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 6/9/2011 10:36:37 PM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 1/31/2012 1:31:43 AM | Computer Name = Hayden-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

[ System Events ]

Error - 1/6/2012 6:30:19 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 1/6/2012 2:33:01 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 1/6/2012 5:43:32 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 1/7/2012 12:22:31 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 1/7/2012 11:59:46 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 1/8/2012 6:45:19 PM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 1/9/2012 12:49:27 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 1/9/2012 3:38:03 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 1/10/2012 1:17:37 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

Error - 1/10/2012 5:51:13 AM | Computer Name = Hayden-PC | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and

will not be used. The driver has been unloaded.

< End of report >

Share this post


Link to post
Share on other sites

Step 1

Please uninstall the following application: PlayBryte

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109935&tt=050412_30b&babsrc=HP_ss&mntrId=7c4e86d40000000000005cac4cf14fbe
    IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=050412_30b&babsrc=SP_ss&mntrId=7c4e86d40000000000005cac4cf14fbe
    [2012/06/19 22:24:11 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com
    [2012/06/19 21:01:06 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com
    [2012/06/19 21:01:03 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
    [2012/06/19 21:38:11 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@
    [2012/06/02 15:30:58 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@
    [2012/06/02 15:30:57 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@
    [2012/06/02 15:30:57 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
    [2012/06/02 15:30:52 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@
    [2012/06/02 15:30:49 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@
    [2012/06/02 15:30:48 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@
    [2012/01/10 22:12:37 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
    [2012/01/10 22:12:37 | 000,002,048 | -HS- | C] () -- C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
    [2012/06/19 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\Babylon
    [2012/06/19 21:01:37 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\BabylonToolbar

    :files
    C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
    C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log

Share this post


Link to post
Share on other sites

I tried but can't uninstall PlayBryte (300k) through Control Panel. The mouse icon spinned for couple seconds, that's all.

Awaiting for you next suggestion. Thanks again.

Share this post


Link to post
Share on other sites

Leave it, my script will take care for it.

Share this post


Link to post
Share on other sites

Here are the OTL and Malwarebytes' Anti-Malware logs. Seems promising, Malwarebytes' Anti-Malware didn't detect anything. Keeping my fingers cross! Thanks for the help again, awaiting for your reply.

All processes killed

========== OTL ==========

HKU\S-1-5-21-2318586025-2754874566-3958745835-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-2318586025-2754874566-3958745835-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2318586025-2754874566-3958745835-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\skin folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\locale\en-US folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\locale folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\defaults folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\chrome\content folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com\chrome folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp2258@crossrider.com folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\skin folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\locale\en-US folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\locale folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\defaults folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\chrome\content\lib folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\chrome\content folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com\chrome folder moved successfully.

C:\Users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\extensions\crossriderapp4479@crossrider.com folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3}\ not found.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully.

C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully.

C:\Users\Hayden\AppData\Roaming\Babylon folder moved successfully.

C:\Users\Hayden\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.

C:\Users\Hayden\AppData\Roaming\BabylonToolbar\IE folder moved successfully.

C:\Users\Hayden\AppData\Roaming\BabylonToolbar\FF folder moved successfully.

C:\Users\Hayden\AppData\Roaming\BabylonToolbar\CR folder moved successfully.

C:\Users\Hayden\AppData\Roaming\BabylonToolbar folder moved successfully.

========== FILES ==========

C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.

C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully.

C:\Users\Royce\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} scheduled to be moved on reboot.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Royce\Desktop\cmd.bat deleted successfully.

C:\Users\Royce\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Hayden

->Temp folder emptied: 14405801818 bytes

->Temporary Internet Files folder emptied: 152076950 bytes

->Java cache emptied: 290617 bytes

->FireFox cache emptied: 90661928 bytes

->Flash cache emptied: 1816 bytes

User: Public

User: Royce

->Temp folder emptied: 206973414 bytes

->Temporary Internet Files folder emptied: 4536375 bytes

->Java cache emptied: 16527 bytes

->FireFox cache emptied: 47679815 bytes

->Flash cache emptied: 14772 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 189872 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 429950085 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36062897 bytes

RecycleBin emptied: 68899254 bytes

Total Files Cleaned = 14,728.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.50.0 log created on 06222012_204455

Files\Folders moved on Reboot...

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully.

C:\Users\Royce\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.23.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Royce :: HAYDEN-PC [administrator]

Protection: Enabled

6/22/2012 8:59:06 PM

mbam-log-2012-06-22 (20-59-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 225808

Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Share this post


Link to post
Share on other sites

Uh O! I ran combofix, but after it rebooted the machine, I wan't able to start any of my applications, including Firefox, Notepad, Window Explorer, etc. Can't even run "cmd". All resulted in "Illegal operation attempted on a registry key that has been marked as deletion." HELP!!!!

I am not sure if this is the combofix.txt (and I don't know a way to get to it since my Window Explorer is not working), but this is the log file that poped up after reboot.

ComboFix 12-06-24.03 - Royce 06/24/2012 21:23:06.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.1960 [GMT -7:00]

Running from: c:\users\Royce\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))

.

.

2012-06-23 20:45 . 2012-06-23 20:45 -------- d-----w- c:\users\Hayden\AppData\Local\Macromedia

2012-06-23 03:55 . 2012-06-23 03:56 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-06-23 03:44 . 2012-06-23 03:44 -------- d-----w- C:\_OTL

2012-06-20 05:12 . 2012-06-23 03:56 -------- d-----w- C:\sh4ldr

2012-06-20 05:12 . 2012-06-20 05:12 -------- d-----w- c:\program files\Enigma Software Group

2012-06-20 05:11 . 2012-06-20 05:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-06-20 04:41 . 2012-06-20 04:41 -------- d-----w- c:\users\Royce\AppData\Local\Macromedia

2012-06-20 04:40 . 2012-06-20 04:40 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-06-20 04:40 . 2012-06-20 04:40 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-06-20 04:11 . 2012-06-20 04:11 -------- d-----w- c:\users\Royce\AppData\Roaming\Malwarebytes

2012-06-20 04:11 . 2012-06-20 04:11 -------- d-----w- c:\users\Royce\AppData\Roaming\dvdcss

2012-06-20 04:03 . 2012-06-20 04:03 -------- d-----w- c:\users\Hayden\AppData\Roaming\dvdcss

2012-06-20 04:02 . 2012-06-20 04:08 -------- d-----w- c:\users\Hayden\AppData\Roaming\ConverterLite

2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\programdata\ActivePath

2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\users\Hayden\AppData\Local\Google

2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\users\Hayden\AppData\Local\Giant Savings

2012-06-20 04:01 . 2012-06-20 04:20 -------- d-----w- c:\program files (x86)\Giant Savings

2012-06-20 04:00 . 2012-06-20 04:00 -------- d-----w- c:\program files (x86)\Playbryte

2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\users\Hayden\AppData\Roaming\Malwarebytes

2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\programdata\Malwarebytes

2012-06-19 05:02 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-19 04:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 04:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 04:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 04:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 04:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 04:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 04:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 04:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 04:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-15 15:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-15 15:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-15 15:55 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-15 15:55 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-15 15:55 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-15 15:55 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-15 15:55 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-15 15:55 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-15 15:55 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-15 15:55 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-15 15:55 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-15 15:55 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-15 15:54 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-15 15:54 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-15 15:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-15 15:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-15 15:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-11 16:52 . 2012-06-11 16:52 -------- d-----w- c:\users\Royce\AppData\Roaming\Apple Computer

2012-06-02 22:31 . 2012-06-23 04:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-02 04:26 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B999A0D3-D8B3-428E-A732-D381D0F0A327}\mpengine.dll

2012-05-27 04:12 . 2012-05-27 04:16 -------- d-----w- c:\users\Hayden\AppData\Roaming\Apple Computer

2012-05-27 04:12 . 2012-05-27 04:12 -------- d-----w- c:\users\Hayden\AppData\Local\Apple Computer

2012-05-27 04:12 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-05-27 04:12 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-05-27 04:10 . 2012-05-27 04:11 -------- d-----w- c:\programdata\Apple

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 04:08 . 2011-06-04 00:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-30 11:35 . 2012-05-12 19:55 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KeePass Password Safe"="c:\program files (x86)\KeePass Password Safe\KeePass.exe" [2010-09-01 787456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]

.

c:\users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\Royce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPNAT

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-25 c:\windows\Tasks\ActiveMail Updater.job

- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-06-20 17:23]

.

2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 04:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page =

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.15.1

FF - ProfilePath - c:\users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 7c4e86d40000000000005cac4cf14fbe

FF - user.js: extensions.BabylonToolbar_i.hardId - 7c4e86d40000000000005cac4cf14fbe

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15445

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:02

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2012-06-24 21:46:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-25 04:46

.

Pre-Run: 383,851,311,104 bytes free

Post-Run: 386,556,145,664 bytes free

.

- - End Of File - - 56FAA1EC0FB8215009CE2B82BB82AF30

Share this post


Link to post
Share on other sites

Reboot your PC and everything will be fine.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::
FF - ProfilePath - c:\users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 7c4e86d40000000000005cac4cf14fbe
FF - user.js: extensions.BabylonToolbar_i.hardId - 7c4e86d40000000000005cac4cf14fbe
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15445
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:02
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Share this post


Link to post
Share on other sites

Great, rebooted and all shortcuts are working as usual.

Here is comboxfix.txt

ComboFix 12-06-25.05 - Royce 06/25/2012 20:58:08.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.2523 [GMT -7:00]

Running from: c:\users\Royce\Desktop\ComboFix.exe

Command switches used :: c:\users\Royce\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))

.

.

2012-06-26 04:07 . 2012-06-26 04:07 -------- d-----w- c:\users\Hayden\AppData\Local\temp

2012-06-26 04:07 . 2012-06-26 04:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-26 03:51 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8D2C03E-AE74-4644-949A-D15915EA29B2}\mpengine.dll

2012-06-23 20:45 . 2012-06-23 20:45 -------- d-----w- c:\users\Hayden\AppData\Local\Macromedia

2012-06-23 03:55 . 2012-06-23 03:56 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP

2012-06-23 03:44 . 2012-06-23 03:44 -------- d-----w- C:\_OTL

2012-06-20 05:12 . 2012-06-23 03:56 -------- d-----w- C:\sh4ldr

2012-06-20 05:12 . 2012-06-20 05:12 -------- d-----w- c:\program files\Enigma Software Group

2012-06-20 05:11 . 2012-06-20 05:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-06-20 04:41 . 2012-06-20 04:41 -------- d-----w- c:\users\Royce\AppData\Local\Macromedia

2012-06-20 04:40 . 2012-06-20 04:40 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-06-20 04:40 . 2012-06-20 04:40 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-06-20 04:11 . 2012-06-20 04:11 -------- d-----w- c:\users\Royce\AppData\Roaming\Malwarebytes

2012-06-20 04:11 . 2012-06-20 04:11 -------- d-----w- c:\users\Royce\AppData\Roaming\dvdcss

2012-06-20 04:03 . 2012-06-20 04:03 -------- d-----w- c:\users\Hayden\AppData\Roaming\dvdcss

2012-06-20 04:02 . 2012-06-20 04:08 -------- d-----w- c:\users\Hayden\AppData\Roaming\ConverterLite

2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\programdata\ActivePath

2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\users\Hayden\AppData\Local\Google

2012-06-20 04:01 . 2012-06-20 04:01 -------- d-----w- c:\users\Hayden\AppData\Local\Giant Savings

2012-06-20 04:01 . 2012-06-20 04:20 -------- d-----w- c:\program files (x86)\Giant Savings

2012-06-20 04:00 . 2012-06-20 04:00 -------- d-----w- c:\program files (x86)\Playbryte

2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\users\Hayden\AppData\Roaming\Malwarebytes

2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-19 05:02 . 2012-06-19 05:02 -------- d-----w- c:\programdata\Malwarebytes

2012-06-19 05:02 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-19 04:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 04:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 04:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 04:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 04:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 04:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 04:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 04:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 04:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-15 15:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-15 15:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-15 15:55 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-15 15:55 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-15 15:55 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-15 15:55 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-15 15:55 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-15 15:55 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-15 15:55 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-15 15:55 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-15 15:55 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-15 15:55 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-15 15:54 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-15 15:54 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-15 15:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-15 15:54 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-15 15:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-11 16:52 . 2012-06-11 16:52 -------- d-----w- c:\users\Royce\AppData\Roaming\Apple Computer

2012-06-02 22:31 . 2012-06-23 04:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-27 04:12 . 2012-05-27 04:16 -------- d-----w- c:\users\Hayden\AppData\Roaming\Apple Computer

2012-05-27 04:12 . 2012-05-27 04:12 -------- d-----w- c:\users\Hayden\AppData\Local\Apple Computer

2012-05-27 04:12 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-05-27 04:12 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-05-27 04:10 . 2012-05-27 04:11 -------- d-----w- c:\programdata\Apple

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 04:08 . 2011-06-04 00:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-30 11:35 . 2012-05-12 19:55 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-25_04.36.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-26 03:43 . 2012-06-26 03:43 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-06-25 04:34 . 2012-06-25 04:34 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2009-04-29 12:31 . 2012-06-25 04:37 38722 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-26 03:46 31984 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-03-14 03:00 . 2012-06-26 03:43 4866 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-04-30 19:33 . 2012-06-26 03:46 4038 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2318586025-2754874566-3958745835-1003_UserData.bin

- 2012-06-25 04:35 . 2012-06-25 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-26 03:44 . 2012-06-26 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-26 03:44 . 2012-06-26 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-25 04:35 . 2012-06-25 04:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-06-26 03:47 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-06-25 04:12 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-03-10 22:44 . 2012-06-25 09:19 415090 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-06-26 03:51 624864 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-23 03:56 624864 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-23 03:56 106950 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-06-26 03:51 106950 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-06-25 04:34 232148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-26 03:43 232148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:54 . 2012-06-25 04:12 3375104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-26 03:47 3375104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-25 04:12 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-26 03:47 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KeePass Password Safe"="c:\program files (x86)\KeePass Password Safe\KeePass.exe" [2010-09-01 787456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]

.

c:\users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\Royce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-26 c:\windows\Tasks\ActiveMail Updater.job

- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-06-20 17:23]

.

2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 04:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page =

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.15.1

FF - ProfilePath - c:\users\Royce\AppData\Roaming\Mozilla\Firefox\Profiles\gg3npvqr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-25 21:19:57

ComboFix-quarantined-files.txt 2012-06-26 04:19

ComboFix2.txt 2012-06-25 04:46

.

Pre-Run: 386,345,947,136 bytes free

Post-Run: 386,061,443,072 bytes free

.

- - End Of File - - 0ACD98E99E5B14427590F68B2C650125

Share this post


Link to post
Share on other sites

Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Share this post


Link to post
Share on other sites

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

Share this post


Link to post
Share on other sites

Hi Maniac,

Sorry for the late update, life has been beyond busy.

After the scan was completed, I couldn't find C:\Program Files\EsetOnlineScanner\log.txt

I found this instead C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt, and here is its content:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

That's it, 3 lines.

Thanks for the help as always.

Share this post


Link to post
Share on other sites

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Share this post


Link to post
Share on other sites

I downloaded KVRT Version 11 (11.0.0.1245) but it wouldn't install. I saw the splash screen of it extracting some files to my temp directory, then the screen/window close and nothing. Thoughts?

Share this post


Link to post
Share on other sites

Thanks! Here is the threads report from AVP.

Status: Deleted (events: 1)

7/7/2012 3:32:48 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\_OTL\MovedFiles\06222012_204455\C_Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ High

Share this post


Link to post
Share on other sites

Thanks!

How is your system now?

Share this post


Link to post
Share on other sites

I have another user profile on the machine, that profile's firefox was sill pointing to babylon search, I deleted some unknow add-ons and change the home page URL in firefox, so far so good. All in all, my machine is running fine. Any more tips or things I need to do.

Thanks!!!

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.