Corbadda

  1. I reset system restore and uninstalled Combofix as instructed. The computer continues to run normally without any problems. Thank you again for all your help! I have already begun making sure everything is up to date and using Windows Update. Since this is my mother's computer I lectured her on the importance of keeping it updated, lol. Thanks again and you have a great day as well Blade!
  2. Hi Blade81! I had been avoiding using the system until you gave me the go ahead. After using it for a while today everything seems to be running normally with no problems or errors. Thank you for all your help in getting rid of this nasty virus! I have always been able to rely on the experts here! Is there anything further that needs to be addressed? Or should I begin making sure all the programs are up to date?
  3. I ran ComboFix using the CFScript.txt as instructed. Here is the log as follows: ComboFix 13-09-02.02 - Bev 09/03/2013 0:18.3.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2082 [GMT -7:00] Running from: c:\users\Bev\Desktop\ComboFix.exe Command switches used :: c:\users\Bev\Desktop\CFScript.txt AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\fsil c:\programdata\fsil\npphx.ocy c:\programdata\fsil\yjbj.qnj . . ((((((((((((((((((((((((( Files Created from 2013-08-03 to 2013-09-03 ))))))))))))))))))))))))))))))) . . 2013-09-03 07:26 . 2013-09-03 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-02 20:24 . 2013-09-02 20:24 -------- d-----w- c:\program files (x86)\ESET 2013-08-28 22:12 . 2013-08-28 22:12 -------- d-----w- C:\FRST 2013-08-26 21:23 . 2013-08-26 21:23 -------- d-----w- C:\JailhouseInn 2013-08-23 18:36 . 2013-08-23 18:36 -------- d-----w- C:\MasonCD 2013-08-20 21:30 . 2013-08-20 21:31 -------- d-----w- C:\MirandasPeople - Copy 2013-08-19 21:41 . 2013-08-19 21:42 -------- d-----w- C:\TitanicHistoricalSociety 2013-08-15 04:48 . 2013-08-15 19:55 -------- d-----w- C:\EnerBankUSA 2013-08-05 06:40 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-08-05 06:39 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-08-05 06:38 . 
2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-05 06:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-08-05 06:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-05 06:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-05 06:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-08-05 06:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-08-05 06:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-08-05 06:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-08-05 01:36 . 2013-08-05 01:36 -------- d-----w- C:\VideosMason . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-21 00:49 . 2013-02-26 23:49 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-07-01 16:49 . 2013-02-17 00:11 325920 ----a-w- c:\windows\SysWow64\Sendori.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}] c:\program files (x86)\Unfriend Checker\uc.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f0e59437-6148-4a98-b0a6-60d557ef57f4}] c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll [bU] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104] "SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-12-13 141] "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232] "LWS"="c:\logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . 
c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Product Registration.lnk - c:\logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio 
Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x] S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x] S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NOBU;Dell 
DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x] S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58] . 2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-05-21 1139992] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-05-21 328400] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.12.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 - c:\program files (x86)\24x7Help\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- .
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FwE¥Fw`^5bLЭ¾\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^ŽU<Ü=] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^ŽU<Ü=\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^‹Y8ýŸî] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^‹Y8ýŸî\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Øt¨¯Øt`^¯bØc­] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Øt¨¯Øt`^¯bØc­\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^Þ]3siþ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^Þ]3siþ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaoK3] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaoK3\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaÿT3] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaÿT3\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^|aX¨šx] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^|aX¨šx\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^]hwéÛ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^]hwéÛ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^²Tgmû²] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^²Tgmû²\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^–UØGE!] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^–UØGE!\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^zY§wŠy] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^zY§wŠy\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^ªYtÏ·] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^ªYtÏ·\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^–R…³c8] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^–R…³c8\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^,VĘæÁ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^,VĘæÁ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^…^‹öv] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^…^‹öv\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯šu¨¯šu`^Z^³ìL] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯šu¨¯šu`^Z^³ìL\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯¡u¨¯¡u`^Šj`eÚ²] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯¡u¨¯¡u`^Šj`eÚ²\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^_ˆIÄ‹] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^_ˆIÄ‹\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^Ea²àX] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^Ea²àX\OpenWithList] @Class="Shell" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-03 00:28:03 ComboFix-quarantined-files.txt 2013-09-03 07:28 ComboFix2.txt 2013-09-02 20:09 ComboFix3.txt 2013-08-31 22:03 . Pre-Run: 38,104,883,200 bytes free Post-Run: 38,204,203,008 bytes free . - - End Of File - - 5B9A1F51935223AA03192019D9D3AED9 5C616939100B85E558DA92B899A0FC36
  4. I ran ComboFix using the CFScript.txt as instructed. I also uninstalled the old Adobe Reader and installed and updated Adobe Reader 11. I then went online and ran ESET as well as running DDS. Here are the log files as follows: C:\ComboFix.txt ComboFix 13-09-02.02 - Bev 09/02/2013 12:59:59.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2358 [GMT -7:00] Running from: c:\users\Bev\Desktop\ComboFix.exe Command switches used :: c:\users\Bev\Desktop\CFScript.txt AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\6280\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll c:\programdata\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll c:\programdata\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll c:\programdata\PCDr\6280\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll c:\programdata\PCDr\6280\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dll c:\programdata\PCDr\6280\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll c:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll c:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll c:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll c:\programdata\PCDr\6280\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dll . . 
((((((((((((((((((((((((( Files Created from 2013-08-02 to 2013-09-02 ))))))))))))))))))))))))))))))) . . 2013-09-02 20:07 . 2013-09-02 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-28 22:12 . 2013-08-28 22:12 -------- d-----w- C:\FRST 2013-08-28 20:05 . 2013-08-28 20:08 -------- d-----w- c:\programdata\fsil 2013-08-26 21:23 . 2013-08-26 21:23 -------- d-----w- C:\JailhouseInn 2013-08-23 18:36 . 2013-08-23 18:36 -------- d-----w- C:\MasonCD 2013-08-20 21:30 . 2013-08-20 21:31 -------- d-----w- C:\MirandasPeople - Copy 2013-08-19 21:41 . 2013-08-19 21:42 -------- d-----w- C:\TitanicHistoricalSociety 2013-08-15 04:48 . 2013-08-15 19:55 -------- d-----w- C:\EnerBankUSA 2013-08-05 06:40 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-08-05 06:39 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-08-05 06:38 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-05 06:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-08-05 06:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-05 06:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-05 06:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-08-05 06:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-08-05 06:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-08-05 06:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-08-05 01:36 . 2013-08-05 01:36 -------- d-----w- C:\VideosMason . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-21 00:49 . 2012-06-07 00:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-21 00:49 . 2012-06-07 00:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-21 00:49 . 
2013-02-26 23:49 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-07-01 16:49 . 2013-02-17 00:11 325920 ----a-w- c:\windows\SysWow64\Sendori.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\programdata\fsil ---- . 2013-08-28 20:08 . 2013-08-29 06:50 67031 ----a-w- c:\programdata\fsil\npphx.ocy 2013-08-28 20:08 . 2013-08-28 20:08 229185 ----a-w- c:\programdata\fsil\yjbj.qnj . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}] c:\program files (x86)\Unfriend Checker\uc.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f0e59437-6148-4a98-b0a6-60d557ef57f4}] c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448] "{f0e59437-6148-4a98-b0a6-60d557ef57f4}"= "c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll" [bU] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_CLASSES_ROOT\clsid\{f0e59437-6148-4a98-b0a6-60d557ef57f4}] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104] "SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-12-13 141] "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232] "LWS"="c:\logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136] . c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Product Registration.lnk - c:\logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter 
Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x] S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x] S2 Application Sendori;Application Sendori;c:\program files 
(x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x] S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service 
Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - PCDSRVC{D3412D80-CF3B4A27-06020200}_0 . Contents of the 'Scheduled Tasks' folder . 2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 00:49] . 2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58] . 2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-05-21 1139992] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-05-21 328400] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.12.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 - c:\program files (x86)\24x7Help\unins000.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0] "ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- .
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ _ã‚Q\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^B_9¤ÆP] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^B_9¤ÆP\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^g_0q¥Ô] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^g_0q¥Ô\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^u_*æ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^u_*æ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Ï_©Ùw‘] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Ï_©Ùw‘\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^§`Ðúõ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^§`Ðúõ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¨`B-<] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¨`B-<\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Raù\ö] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Raù\ö\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. jpg `^|aßÍ# ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. jpg `^|aßÍ# \OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¾aw™ý½] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¾aw™ý½\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÆaûIu] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÆaûIu\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Æa{Ku] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Æa{Ku\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ùa‰ap] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ùa‰ap\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^*b¯…ï] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^*b¯…ï\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Úb,¤çˆ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Úb,¤çˆ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^<cØyN—] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^<cØyN—\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^[cSQ—¯] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^[cSQ—¯\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¨cŒÍ<p] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¨cŒÍ<p\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^]d-_] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^]d-_\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vdàÁtà] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vdàÁtà\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^!eðË=] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^!eðË=\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^]eê–] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^]eê–\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Þezù!"] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Þezù!"\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^*f–àPá] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^*f–àPá\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÑtE¥Ñt`^5WÂ%-™] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÑtE¥Ñt`^5WÂ%-™\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÑtE¥Ñt`^µcZœÅ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÑtE¥Ñt`^µcZœÅ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ãtE¥ãt`^WeY9òü] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ãtE¥ãt`^WeY9òü\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥’uE¥’u`^ÿU¯NâŠ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥’uE¥’u`^ÿU¯NâŠ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥™uE¥™u`^že’•yâ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥™uE¥™u`^že’•yâ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥àuE¥àu`^ùe[a˜[] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥àuE¥àu`^ùe[a˜[\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^¨cŠ‘LÉ] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^¨cŠ‘LÉ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^©cLÔ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^©cLÔ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^©c› äâ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^©c› äâ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^VaV#] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^VaV#\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^2UrÝÂb] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^2UrÝÂb\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FvE¥Fv`^æ`œetE] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FvE¥Fv`^æ`œetE\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ivE¥iv`^Ž[•C] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ivE¥iv`^Ž[•C\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥svE¥sv`^ÐhÆô‹¥] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥svE¥sv`^ÐhÆô‹¥\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÿvE¥ÿv`^raÚeS] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÿvE¥ÿv`^raÚeS\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FwE¥Fw`^5bLЭ¾] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FwE¥Fw`^5bLЭ¾\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^ŽU<Ü=] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^ŽU<Ü=\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^‹Y8ýŸî] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^‹Y8ýŸî\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Øt¨¯Øt`^¯bØc­] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Øt¨¯Øt`^¯bØc­\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^Þ]3siþ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^Þ]3siþ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaoK3] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaoK3\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaÿT3] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaÿT3\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^|aX¨šx] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^|aX¨šx\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^]hwéÛ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^]hwéÛ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^²Tgmû²] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^²Tgmû²\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^–UØGE!] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^–UØGE!\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^zY§wŠy] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^zY§wŠy\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^ªYtÏ·] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^ªYtÏ·\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^–R…³c8] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^–R…³c8\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^,VĘæÁ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^,VĘæÁ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^…^‹öv] @Class="Shell" . 
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^…^‹öv\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯šu¨¯šu`^Z^³ìL] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯šu¨¯šu`^Z^³ìL\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯¡u¨¯¡u`^Šj`eÚ²] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯¡u¨¯¡u`^Šj`eÚ²\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^_ˆIÄ‹] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^_ˆIÄ‹\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^Ea²àX] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^Ea²àX\OpenWithList] @Class="Shell" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-02 13:09:45 ComboFix-quarantined-files.txt 2013-09-02 20:09 ComboFix2.txt 2013-08-31 22:03 . Pre-Run: 37,339,172,864 bytes free Post-Run: 37,286,572,032 bytes free . 
- - End Of File - - 6A2D220CA9064CC94F80B566D0BF4398 5C616939100B85E558DA92B899A0FC36 ESET Report C:\FRST\Quarantine\edrsytb.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\fyldo.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\ghbtls.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\ivgq.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\mdfjbha.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\pfwd.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\qcovne.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\qgmt.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\tpuge.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\vtaq.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\wobomg.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\xtid.exe a variant of Win32/Kryptik.BIYS trojan C:\FRST\Quarantine\yowfl.exe a variant of Win32/Kryptik.BIYS trojan C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Help.exe.vir a variant of Win32/24x7Help.B application C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook.dll.vir Win32/24x7Help.A application C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook64.dll.vir Win64/24x7Help.A application C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Svc.exe.vir probably a variant of Win32/24x7Help.B application C:\Qoobox\Quarantine\C\Users\Bev\AppData\Roaming\dbu32.ocx.vir a variant of Win32/Kryptik.BIYS trojan DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16496 Run by Bev at 15:21:58 on 2013-09-02 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2069 [GMT -7:00] . 
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 
C:\Program Files (x86)\Sendori\sndappv2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Trend Micro\Titanium\TiMiniService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Sendori\SendoriSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Sendori\SendoriUp.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Sendori\Sendori.Service.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
mURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} - BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll TB: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun: 
[searchProtection] C:\ProgramData\Search Protection\_run.bat mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" mRun: [LWS] C:\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Logitech\Ereg\eReg.exe StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: NameServer = 192.168.12.1 TCP: Interfaces\{37314881-E905-46E4-9DB0-64917E6345A1} : DHCPNameServer = 192.168.12.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files 
(x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_paid.html" "DEF" "DEF" "DEF" x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
{48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe . ============= SERVICES / DRIVERS =============== . 
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-3 14456] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-6 55856] R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-12 57976] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-7 1236368] R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 701512] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360] R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-6 1695040] R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200] R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-6-6 244440] R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-6-6 69392] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-6 317440] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-12 25928] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-6 539240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-6-6 267480] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752] S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520] S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680] S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208] S3 USBAAPL64;Apple Mobile USB 
Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-09-02 20:24:13 -------- d-----w- C:\Program Files (x86)\ESET 2013-09-02 20:09:49 -------- d-sh--w- C:\$RECYCLE.BIN 2013-08-31 21:40:32 98816 ----a-w- C:\Windows\sed.exe 2013-08-31 21:40:32 256000 ----a-w- C:\Windows\PEV.exe 2013-08-31 21:40:32 208896 ----a-w- C:\Windows\MBR.exe 2013-08-28 22:12:55 -------- d-----w- C:\FRST 2013-08-28 20:05:06 -------- d-----w- C:\ProgramData\fsil 2013-08-26 21:23:59 -------- d-----w- C:\JailhouseInn 2013-08-26 17:25:35 -------- d-----w- C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0} 2013-08-25 22:16:55 -------- d-----w- C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3} 2013-08-25 22:15:54 -------- d-----w- C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252} 2013-08-25 00:09:10 -------- d-----w- C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26} 2013-08-23 18:36:19 -------- d-----w- C:\MasonCD 2013-08-23 17:23:53 -------- d-----w- C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6} 2013-08-23 01:31:07 -------- d-----w- C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED} 2013-08-23 01:28:51 -------- d-----w- C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6} 2013-08-23 01:28:09 -------- d-----w- C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504} 2013-08-20 21:30:29 -------- d-----w- C:\MirandasPeople - Copy 2013-08-19 21:41:59 -------- d-----w- C:\TitanicHistoricalSociety 2013-08-18 19:19:10 -------- d-----w- C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C} 2013-08-17 23:18:01 -------- d-----w- 
C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436} 2013-08-17 06:13:49 -------- d-----w- C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804} 2013-08-15 21:21:17 -------- d-----w- C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA} 2013-08-15 04:48:53 -------- d-----w- C:\EnerBankUSA 2013-08-12 03:28:24 -------- d-----w- C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336} 2013-08-09 00:18:25 -------- d-----w- C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384} 2013-08-07 20:47:00 -------- d-----w- C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545} 2013-08-06 19:39:45 -------- d-----w- C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D} 2013-08-05 06:39:25 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2013-08-05 06:38:46 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-08-05 06:38:46 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-05 06:38:46 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-08-05 06:38:46 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-05 06:38:46 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-05 06:38:46 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-05 06:37:54 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-08-05 06:37:54 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-08-05 01:40:07 -------- d-----w- C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01} 2013-08-05 01:36:05 -------- d-----w- C:\VideosMason 2013-08-03 23:46:19 -------- d-----w- C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA} . ==================== Find3M ==================== . 2013-08-21 00:49:19 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 15:22:30.30 ===============
  5. I ran ComboFix and then reran DDS as instructed. Here are the log files as follows:

C:\ComboFix.txt

ComboFix 13-08-31.01 - Bev 08/31/2013 14:41:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2533 [GMT -7:00]
Running from: c:\users\Bev\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\24x7Help
c:\program files (x86)\24x7Help\App24x7Help.exe
c:\program files (x86)\24x7Help\App24x7Hook.dll
c:\program files (x86)\24x7Help\App24x7Hook.exe
c:\program files (x86)\24x7Help\App24x7Hook64.dll
c:\program files (x86)\24x7Help\App24x7Hook64.exe
c:\program files (x86)\24x7Help\App24x7Svc.exe
c:\program files (x86)\24x7Help\Cfg24x7.exe
c:\program files (x86)\24x7Help\unins000.dat
c:\program files (x86)\24x7Help\unins000.exe
c:\program files (x86)\24x7Help\unins000.msg
c:\program files (x86)\Unfriend Checker\uc.Dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\24x7 Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\24x7Help.org.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\Uninstall 24x7 Help.lnk
c:\programdata\PCDr\6280\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll
c:\programdata\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll
c:\programdata\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll
c:\programdata\PCDr\6280\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll
c:\programdata\PCDr\6280\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dll
c:\programdata\PCDr\6280\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll
c:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll
c:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll
c:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll
c:\programdata\PCDr\6280\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dll
c:\users\Bev\AppData\Roaming\dbu32.ocx
c:\users\Bev\AppData\Roaming\SearchProtect
c:\users\Bev\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\Public\Desktop\24x7 Help.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_24x7HelpSvc
-------\Service_24x7HelpSvc
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-31 )))))))))))))))))))))))))))))))
.
.
2013-08-31 21:51 . 2013-08-31 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-28 22:12 . 2013-08-28 22:12 -------- d-----w- C:\FRST
2013-08-28 20:05 . 2013-08-28 20:08 -------- d-----w- c:\programdata\fsil
2013-08-26 21:23 . 2013-08-26 21:23 -------- d-----w- C:\JailhouseInn
2013-08-23 18:36 . 2013-08-23 18:36 -------- d-----w- C:\MasonCD
2013-08-20 21:30 . 2013-08-20 21:31 -------- d-----w- C:\MirandasPeople - Copy
2013-08-19 21:41 . 2013-08-19 21:42 -------- d-----w- C:\TitanicHistoricalSociety
2013-08-15 04:48 . 2013-08-15 19:55 -------- d-----w- C:\EnerBankUSA
2013-08-05 06:40 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-08-05 06:39 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-08-05 06:38 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-05 06:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-05 06:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-05 06:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-05 06:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-05 06:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-05 01:36 . 2013-08-05 01:36 -------- d-----w- C:\VideosMason
2013-08-02 23:47 . 2013-08-02 23:49 -------- d-----w- C:\0001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 00:49 . 2012-06-07 00:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 00:49 . 2012-06-07 00:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 00:49 . 2013-02-26 23:49 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-07-01 16:49 . 2013-02-17 00:11 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104] "SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-12-13 141] "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232] "LWS"="c:\logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136] . c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Product Registration.lnk - c:\logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." 
[2009-11-16 517384] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x] R3 
dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 
SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x] S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x] S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x] S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program 
files\Trend Micro\Titanium\TiMiniService.exe [x] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 00:49] . 2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58] . 2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-05-21 1139992] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-05-21 328400] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.12.1 . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{f0e59437-6148-4a98-b0a6-60d557ef57f4} - c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll BHO-{09942569-D515-42BE-9F5A-A439B20F91AB} - c:\program files (x86)\Unfriend Checker\uc.dll BHO-{f0e59437-6148-4a98-b0a6-60d557ef57f4} - c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll Toolbar-Locked - (no file) Toolbar-{f0e59437-6148-4a98-b0a6-60d557ef57f4} - c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk - d:\common\EpsonReg\V30\Ereg.exe /remind /language=ENU /PRNM="00873" HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{F0E59437-6148-4A98-B0A6-60D557EF57F4} - (no file) AddRemove-{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 - c:\program files (x86)\24x7Help\unins000.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^<ΦÚ] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^<ΦÚ\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÔfÒ„] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÔfÒ„\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^æÈrÂç] @Class="Shell" . [HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^æÈrÂç\OpenWithList] @Class="Shell" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" .
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Sendori\SendoriUp.exe . ************************************************************************** . Completion time: 2013-08-31 15:03:12 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-31 22:03 . Pre-Run: 36,610,011,136 bytes free Post-Run: 36,249,509,888 bytes free . - - End Of File - - 5114B074F6D07EFC8EA7F371C4D94C5E 5C616939100B85E558DA92B899A0FC36 DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16496 Run by Bev at 15:04:53 on 2013-08-31 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2626 [GMT -7:00] . AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\Sendori\sndappv2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Trend Micro\Titanium\TiMiniService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files 
(x86)\Sendori\SendoriSvc.exe C:\Program Files (x86)\Sendori\Sendori.Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Sendori\SendoriUp.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\explorer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} - BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: Ad-Aware Security 
Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll TB: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" mRun: [LWS] C:\Logitech\LWS\Webcam Software\LWS.exe -hide StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Logitech\Ereg\eReg.exe StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe 
uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: NameServer = 192.168.12.1 TCP: Interfaces\{37314881-E905-46E4-9DB0-64917E6345A1} : DHCPNameServer = 192.168.12.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet 
Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_paid.html" "DEF" "DEF" "DEF" x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll x64-Handler: 
tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe . ============= SERVICES / DRIVERS =============== . R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-3 14456] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-6 55856] R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-12 57976] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-7 1236368] R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 701512] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360] R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-6 1695040] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008] R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200] R2 TiMiniService;TiMiniService;C:\Program Files\Trend 
Micro\Titanium\TiMiniService.exe [2012-6-6 244440] R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-6-6 69392] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-6 317440] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-12 25928] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-6 539240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-6-6 267480] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752] S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520] S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680] S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 StorSvc;Storage 
Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-08-31 21:54:05 -------- d-----w- C:\$RECYCLE.BIN 2013-08-31 21:40:32 98816 ----a-w- C:\Windows\sed.exe 2013-08-31 21:40:32 256000 ----a-w- C:\Windows\PEV.exe 2013-08-31 21:40:32 208896 ----a-w- C:\Windows\MBR.exe 2013-08-28 22:12:55 -------- d-----w- C:\FRST 2013-08-28 20:05:06 -------- d-----w- C:\ProgramData\fsil 2013-08-26 21:23:59 -------- d-----w- C:\JailhouseInn 2013-08-26 17:25:35 -------- d-----w- C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0} 2013-08-25 22:16:55 -------- d-----w- C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3} 2013-08-25 22:15:54 -------- d-----w- C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252} 2013-08-25 00:09:10 -------- d-----w- C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26} 2013-08-23 18:36:19 -------- d-----w- C:\MasonCD 2013-08-23 17:23:53 -------- d-----w- C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6} 2013-08-23 01:31:07 -------- d-----w- C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED} 2013-08-23 01:28:51 -------- d-----w- C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6} 2013-08-23 01:28:09 -------- d-----w- 
C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504} 2013-08-20 21:30:29 -------- d-----w- C:\MirandasPeople - Copy 2013-08-19 21:41:59 -------- d-----w- C:\TitanicHistoricalSociety 2013-08-18 19:19:10 -------- d-----w- C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C} 2013-08-17 23:18:01 -------- d-----w- C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436} 2013-08-17 06:13:49 -------- d-----w- C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804} 2013-08-15 21:21:17 -------- d-----w- C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA} 2013-08-15 04:48:53 -------- d-----w- C:\EnerBankUSA 2013-08-12 03:28:24 -------- d-----w- C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336} 2013-08-09 00:18:25 -------- d-----w- C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384} 2013-08-07 20:47:00 -------- d-----w- C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545} 2013-08-06 19:39:45 -------- d-----w- C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D} 2013-08-05 06:39:25 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2013-08-05 06:38:46 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-08-05 06:38:46 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-05 06:38:46 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-08-05 06:38:46 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-05 06:38:46 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-05 06:38:46 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-05 06:37:54 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-08-05 06:37:54 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-08-05 01:40:07 -------- d-----w- C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01} 2013-08-05 01:36:05 -------- d-----w- C:\VideosMason 2013-08-03 23:46:19 -------- d-----w- C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA} 2013-08-02 23:47:32 -------- 
d-----w- C:\0001 . ==================== Find3M ==================== . 2013-08-21 00:49:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-21 00:49:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-08-21 00:49:19 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll . ============= FINISH: 15:05:00.11 ===============
  6. Thanks for all the help! I downloaded and ran DDS as instructed. Here are the log files as follows: DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16496 Run by Bev at 3:23:25 on 2013-08-31 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2113 [GMT -7:00] . AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\24x7Help\App24x7Svc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files 
(x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\System32\igfxtray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Sendori\SendoriTray.exe C:\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\ProgramData\Search Protection\SearchProtection.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\PROGRA~2\AD-AWA~1\AdAware.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Trend Micro\Titanium\TiMiniService.exe C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Sendori\SendoriSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Sendori\SendoriUp.exe C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe C:\Program Files (x86)\Sendori\sndappv2.exe 
C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Sendori\Sendori.Service.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - mURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - mWinlogon: Userinit = userinit.exe, BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - TB: WhiteSmoke B Toolbar: {F0E59437-6148-4A98-B0A6-60D557EF57F4} - TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files 
(x86)\Ask.com\GenericAskToolbar.dll TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll TB: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" mRun: [LWS] C:\Logitech\LWS\Webcam Software\LWS.exe -hide dRun: [searchProtect] \SearchProtect\bin\cltmng.exe StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONS~1.LNK - D:\Common\EpsonReg\V30\Ereg.exe StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Logitech\Ereg\eReg.exe StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: C:\Windows\System32\Sendori.dll TCP: NameServer = 192.168.12.1 TCP: Interfaces\{37314881-E905-46E4-9DB0-64917E6345A1} : DHCPNameServer = 192.168.12.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll Handler: wlpg - 
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_paid.html" "DEF" "DEF" "DEF" x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe . ============= SERVICES / DRIVERS =============== . R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-3 14456] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-6 55856] R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-12 57976] R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2013-2-16 394392] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-7 1236368] R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 701512] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360] R2 Service Sendori;Service Sendori;C:\Program Files 
(x86)\Sendori\Sendori.Service.exe [2013-7-1 22304] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-6 1695040] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008] R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200] R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-6-6 244440] R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-6-6 69392] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-6 317440] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-12 25928] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-6 539240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-6-6 267480] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752] S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520] S3 LVUVC64;Logitech HD Webcam 
C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680] S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2013-08-28 22:12:55 -------- d-----w- C:\FRST 2013-08-28 20:05:06 -------- d-----w- C:\ProgramData\fsil 2013-08-26 21:23:59 -------- d-----w- C:\JailhouseInn 2013-08-26 17:25:35 -------- d-----w- C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0} 2013-08-25 22:16:55 -------- d-----w- C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3} 2013-08-25 22:15:54 -------- d-----w- C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252} 2013-08-25 00:09:10 -------- d-----w- C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26} 2013-08-23 18:36:19 -------- d-----w- C:\MasonCD 2013-08-23 17:23:53 -------- d-----w- C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6} 2013-08-23 01:31:07 -------- d-----w- C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED} 2013-08-23 01:28:51 -------- d-----w- C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6} 2013-08-23 01:28:09 -------- d-----w- C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504} 2013-08-20 21:30:29 -------- d-----w- C:\MirandasPeople - Copy 2013-08-19 21:41:59 -------- d-----w- C:\TitanicHistoricalSociety 2013-08-18 19:19:10 -------- d-----w- C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C} 2013-08-17 23:18:01 -------- d-----w- C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436} 2013-08-17 06:13:49 -------- d-----w- C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804} 2013-08-15 21:21:17 -------- d-----w- C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA} 2013-08-15 04:48:53 -------- d-----w- C:\EnerBankUSA 2013-08-12 03:28:24 -------- d-----w- C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336} 2013-08-09 00:18:25 -------- d-----w- C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384} 2013-08-07 20:47:00 -------- d-----w- C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545} 2013-08-06 19:39:45 -------- d-----w- 
C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D} 2013-08-05 06:39:25 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2013-08-05 06:38:46 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-08-05 06:38:46 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-05 06:38:46 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-08-05 06:38:46 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-05 06:38:46 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-05 06:38:46 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-05 06:37:54 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-08-05 06:37:54 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-08-05 01:40:07 -------- d-----w- C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01} 2013-08-05 01:36:05 -------- d-----w- C:\VideosMason 2013-08-03 23:46:19 -------- d-----w- C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA} 2013-08-02 23:47:32 -------- d-----w- C:\0001 2013-08-01 21:35:33 -------- d-----w- C:\Users\Bev\AppData\Local\{00BB0257-C342-46A2-919B-8B2C2B6F4698} 2013-08-01 19:57:57 -------- d-----w- C:\Insurance 2013-08-01 19:27:54 -------- d-----w- C:\StateFarmInsurance . ==================== Find3M ==================== . 2013-08-21 00:49:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-21 00:49:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-08-21 00:49:19 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll . ============= FINISH: 3:23:47.45 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . 
Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 6/17/2012 11:35:23 PM System Uptime: 8/30/2013 12:04:22 PM (15 hours ago) . Motherboard: Dell Inc. | | 0GDG8Y Processor: Intel® Core i5-2400 CPU @ 3.10GHz | CPU 1 | 1581/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 442 GiB total, 34.634 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP118: 7/31/2013 3:55:11 PM - Scheduled Checkpoint RP119: 8/4/2013 11:41:24 PM - Windows Update RP120: 8/12/2013 4:19:38 PM - Scheduled Checkpoint RP121: 8/20/2013 1:44:14 PM - Scheduled Checkpoint RP122: 8/28/2013 11:30:16 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . 24x7 Help ABBYY FineReader 6.0 Sprint Accidental Damage Services Agreement Ad-Aware Antivirus Ad-Aware Security Add-on Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.5) Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft MediaImpression Ask Toolbar Banctec Service Agreement Bing Bar Bonjour CameraHelperMsi Canon RAW Image Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.0 Canon Utilities EOS Utility Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX Catalina Savings Printer CCleaner Complete Care Business Service Agreement Conexant HD Audio Consumer In-Home Service Agreement Corel PaintShop Pro X4 Corel Uninstaller D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Edoc Viewer Dell Home Systems Service Agreement DesignPro 5 DirectX 9 Runtime Epson Copy Utility 3.5 Epson Event Manager EPSON Perfection V30/V300 Photo Scanner Driver Update EPSON Scan erLT Family Tree Maker 2010 Google Toolbar for Internet Explorer Google Update Helper ICA Intel® 
Processor Graphics Internet Explorer (Enable DEP) IPM_PSP_COM iTunes Junk Mail filter update Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Pictures And Video LWS Twitter LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft FrontPage 2002 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Primary Interoperability Assemblies 2005 Microsoft Publisher 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Store Download Manager Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft WSE 3.0 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 
SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) My Dell PhotoShowExpress PSPPContent PSPPHelp PSPPro64 QualxServ Service Agreement RBVirtualFolder64Inst Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup Secunia PSI (2.0.0.4003) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft 
InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Sendori Setup Skype Click to Call Skype™ 6.6 Sonic CinePlayer Decoder Pack Trend Micro Titanium Internet Security Unfriend Checker Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for 
Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition WhiteSmoke B Toolbar Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series . ==== Event Viewer Messages From Past Week ======== . 8/31/2013 12:09:56 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/30/2013 12:07:37 PM, Error: Service Control Manager [7034] - The sndappv2 service terminated unexpectedly. It has done this 1 time(s). 8/30/2013 12:07:36 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting. 8/28/2013 11:50:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
8/28/2013 11:46:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/28/2013 11:46:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/28/2013 11:46:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 8/28/2013 11:46:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 8/28/2013 11:46:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/28/2013 11:46:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/28/2013 11:46:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/28/2013 11:45:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/28/2013 11:45:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi vpcnfltr vpcvmm 
Wanarpv6 WfpLwf ws2ifsl 8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. 
service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/28/2013 1:49:59 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2013 1:48:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/28/2013 1:48:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi vpcvmm Wanarpv6 8/28/2013 1:27:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service. 8/27/2013 6:30:04 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 8/27/2013 6:30:04 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 
8/26/2013 3:10:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Bev7\Bev SID (S-1-5-21-776842778-1022910293-1919321215-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 8/26/2013 3:10:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Bev7\Bev SID (S-1-5-21-776842778-1022910293-1919321215-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 8/26/2013 3:10:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Bev7\Bev SID (S-1-5-21-776842778-1022910293-1919321215-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================
  7. I followed your instructions and ran FRST. I then booted the computer normally and it appeared to boot up without any problems. The desktop remained and no strange screens appeared. Here is the log from FRST:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
     Ran by SYSTEM at 2013-08-30 12:00:02 Run:1
     Running from J:\
     Boot Mode: Recovery
     ==============================================

     Content of fixlist:
     *****************
     HKU\Bev\...\Winlogon: [shell] C:\Users\Bev\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe
     *****************

     HKU\Bev\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
     C:\ProgramData\yowfl.exe => Moved successfully.
     C:\ProgramData\xtid.exe => Moved successfully.
     C:\ProgramData\wobomg.exe => Moved successfully.
     C:\ProgramData\vtaq.exe => Moved successfully.
     C:\ProgramData\tpuge.exe => Moved successfully.
     C:\ProgramData\qgmt.exe => Moved successfully.
     C:\ProgramData\qcovne.exe => Moved successfully.
     C:\ProgramData\pfwd.exe => Moved successfully.
     C:\ProgramData\mdfjbha.exe => Moved successfully.
     C:\ProgramData\ivgq.exe => Moved successfully.
     C:\ProgramData\ghbtls.exe => Moved successfully.
     C:\ProgramData\fyldo.exe => Moved successfully.
     C:\ProgramData\edrsytb.exe => Moved successfully.

     ==== End of Fixlog ====
  8. Hello Blade81, I followed your instructions and successfully ran Farbar Recovery Scan Tool x64. Here is the log file as follows:

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
     Ran by SYSTEM on 28-08-2013 23:57:16
     Running from J:\
     Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Recovery

     The current controlset is ControlSet001
     ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1139992 2011-05-20] (Trend Micro Inc.)
     HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-20] (Trend Micro Inc.)
     HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [328400 2011-05-20] (Trend Micro Inc.)
     HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
     HKLM-x32\...\Run: [] - [x]
     HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
     HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
     HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
     HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
     HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616 2008-04-17] (ArcSoft Inc.)
     HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
     HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-11-16] (Lavasoft)
     HKLM-x32\...\Run: [searchProtection] - C:\ProgramData\Search Protection\_run.bat [141 2012-12-13] ()
     HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
     HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
     HKLM-x32\...\Run: [LWS] - C:\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
     HKU\Bev\...\Winlogon: [shell] C:\Users\Bev\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
     Startup: C:\Users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk
     ShortcutTarget: Epson scanner Registration.lnk -> (No File)
     Startup: C:\Users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
     ShortcutTarget: Logitech . Product Registration.lnk -> C:\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
     Startup: C:\Users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
     ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

     ==================== Services (Whitelisted) =================

     S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [394392 2012-09-18] (PCRx.com, LLC)
     S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.)
     S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-12-07] (Lavasoft Limited)
     S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
     S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
     S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
     S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
     S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
     S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
     S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
     S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [244440 2011-05-20] (Trend Micro Inc.)
     S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

     ==================== Drivers (Whitelisted) ====================

     S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-13] (GFI Software)
     S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
     S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
     S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
     S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
     S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
     S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
     S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-08-28 12:48 - 2013-08-28 22:45 - 00003588 _____ C:\Windows\PFRO.log
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe
     2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe
     2013-08-28 12:05 - 2013-08-28 12:08 - 00000000 ____D C:\ProgramData\fsil
     2013-08-28 08:45 - 2013-08-28 12:02 - 00000168 _____ C:\Windows\setupact.log
     2013-08-28 08:45 - 2013-08-28 08:45 - 00000000 _____ C:\Windows\setuperr.log
     2013-08-26 13:23 - 2013-08-26 13:23 - 00000000 ____D C:\JailhouseInn
     2013-08-26 09:25 - 2013-08-26 09:25 - 00000000 ____D C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0}
     2013-08-25 14:16 - 2013-08-25 14:17 - 00000000 ____D C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3}
     2013-08-25 14:15 - 2013-08-25 14:15 - 00000000 ____D C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252}
     2013-08-25 10:49 - 2013-08-25 22:43 - 00000000 ____D C:\Users\Bev\Documents\FamilyHistoryToInput
     2013-08-24 16:09 - 2013-08-24 16:09 - 00000000 ____D C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26}
     2013-08-23 10:36 - 2013-08-23 10:36 - 00000000 ____D C:\MasonCD
     2013-08-23 09:23 - 2013-08-23 09:24 - 00000000 ____D C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6}
     2013-08-22 17:31 - 2013-08-22 17:31 - 00000000 ____D C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED}
     2013-08-22 17:28 - 2013-08-22 17:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6}
     2013-08-22 17:28 - 2013-08-22 17:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504}
     2013-08-20 13:30 - 2013-08-20 13:31 - 00000000 ____D C:\MirandasPeople - Copy
     2013-08-19 13:41 - 2013-08-19 13:42 - 00000000 ____D C:\TitanicHistoricalSociety
     2013-08-18 21:46 - 2013-08-18 21:58 - 00000000 ____D C:\Users\Bev\Downloads\2013Aug18FILEthese
     2013-08-18 11:19 - 2013-08-18 11:19 - 00000000 ____D C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C}
     2013-08-17 15:18 - 2013-08-17 15:18 - 00000000 ____D 
C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436} 2013-08-16 22:13 - 2013-08-16 22:13 - 00000000 ____D C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804} 2013-08-15 13:21 - 2013-08-15 13:21 - 00000000 ____D C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA} 2013-08-14 20:48 - 2013-08-15 11:55 - 00000000 ____D C:\EnerBankUSA 2013-08-11 19:28 - 2013-08-11 19:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336} 2013-08-11 15:30 - 2005-02-11 11:03 - 00230454 _____ C:\Users\Bev\Downloads\charlescamilla.bmp 2013-08-10 21:39 - 2013-08-10 21:39 - 00000000 ____D C:\Users\Bev\Downloads\RogerCindy 2013-08-08 16:18 - 2013-08-08 16:18 - 00000000 ____D C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384} 2013-08-07 12:47 - 2013-08-07 12:47 - 00000000 ____D C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545} 2013-08-06 11:39 - 2013-08-06 11:39 - 00000000 ____D C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D} 2013-08-04 22:48 - 2013-05-28 22:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-08-04 22:48 - 2013-05-28 21:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-08-04 22:48 - 2013-05-28 21:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-08-04 22:48 - 2013-05-28 21:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-08-04 22:48 - 2013-05-28 21:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-08-04 22:48 - 2013-05-28 21:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-08-04 22:48 - 2013-05-28 21:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2013-08-04 22:48 - 2013-05-28 21:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-08-04 22:48 - 2013-05-28 21:29 - 00816640 _____ (Microsoft Corporation) 
C:\Windows\System32\jscript.dll 2013-08-04 22:48 - 2013-05-28 21:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-08-04 22:48 - 2013-05-28 21:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-08-04 22:48 - 2013-05-28 21:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-08-04 22:48 - 2013-05-28 21:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-08-04 22:48 - 2013-05-28 21:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-08-04 22:48 - 2013-05-28 21:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-08-04 22:48 - 2013-05-28 21:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-08-04 22:48 - 2013-05-28 17:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-04 22:48 - 2013-05-28 17:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-04 22:48 - 2013-05-28 17:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-04 22:48 - 2013-05-28 17:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-08-04 22:48 - 2013-05-28 17:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-04 22:48 - 2013-05-28 17:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-04 22:48 - 2013-05-28 17:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-04 22:48 - 2013-05-28 17:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-04 22:48 - 2013-05-28 17:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-08-04 22:48 - 2013-05-28 17:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-08-04 22:48 - 2013-05-28 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-04 
22:48 - 2013-05-28 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-04 22:48 - 2013-05-28 17:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-04 22:48 - 2013-05-28 17:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-04 22:48 - 2013-05-28 17:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-04 22:48 - 2013-05-28 17:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-04 22:40 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-08-04 22:40 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-08-04 22:40 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-08-04 22:40 - 2013-05-12 21:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-08-04 22:40 - 2013-05-12 21:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-08-04 22:40 - 2013-05-12 21:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-08-04 22:40 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-08-04 22:40 - 2013-05-12 20:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-04 22:40 - 2013-05-12 20:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-04 22:40 - 2013-05-12 20:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-04 22:40 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-08-04 22:40 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-08-04 22:40 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-08-04 22:40 - 2013-05-07 22:39 - 01910632 
_____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-08-04 22:40 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-08-04 22:40 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-08-04 22:40 - 2013-04-09 22:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-08-04 22:40 - 2013-04-09 22:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-08-04 22:40 - 2013-02-26 22:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-08-04 22:40 - 2013-02-26 21:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-08-04 22:40 - 2013-02-26 21:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-08-04 22:40 - 2013-02-26 21:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-08-04 22:40 - 2013-02-26 21:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-08-04 22:40 - 2013-02-26 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-08-04 22:40 - 2013-02-26 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-08-04 22:40 - 2013-02-26 20:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-08-04 22:40 - 2011-02-03 03:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-08-04 22:39 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-08-04 22:39 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-04 22:39 - 2013-04-12 06:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-08-04 22:38 - 2013-03-18 22:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-08-04 22:38 - 2013-03-18 21:46 - 00043520 _____ 
(Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-08-04 22:38 - 2013-03-18 21:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-04 22:38 - 2013-03-18 21:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-04 22:38 - 2013-03-18 20:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-08-04 22:38 - 2013-03-18 19:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-08-04 22:37 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-08-04 22:37 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-08-04 17:40 - 2013-08-04 17:40 - 00000000 ____D C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01} 2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\VideosMason 2013-08-03 15:46 - 2013-08-03 15:46 - 00000000 ____D C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA} 2013-08-02 15:47 - 2013-08-02 15:49 - 00000000 ____D C:\0001 2013-08-02 15:39 - 2013-08-02 15:39 - 00000000 ____D C:\Users\Bev\Downloads\001 2013-08-01 13:35 - 2013-08-01 13:35 - 00000000 ____D C:\Users\Bev\AppData\Local\{00BB0257-C342-46A2-919B-8B2C2B6F4698} 2013-08-01 11:57 - 2013-08-05 16:24 - 00000000 ____D C:\Insurance 2013-08-01 11:27 - 2013-08-01 11:28 - 00000000 ____D C:\StateFarmInsurance 2013-07-30 11:27 - 2013-07-30 11:27 - 00000000 ____D C:\Users\Bev\AppData\Local\{F86EBFB9-9794-4D9E-A505-30DF8F3FF882} ==================== One Month Modified Files and Folders ======= 2013-08-28 22:45 - 2013-08-28 12:48 - 00003588 _____ C:\Windows\PFRO.log 2013-08-28 14:12 - 2013-08-28 14:12 - 00000000 ____D C:\FRST 2013-08-28 12:38 - 2012-06-22 12:58 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-28 12:38 - 2012-06-06 18:18 - 01715083 _____ C:\Windows\WindowsUpdate.log 2013-08-28 12:13 - 2009-07-13 20:45 - 00021312 ____H 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-28 12:13 - 2009-07-13 20:45 - 00021312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe 2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe 2013-08-28 12:08 - 2013-08-28 12:05 - 00000000 ____D C:\ProgramData\fsil 2013-08-28 12:04 - 2013-02-16 16:11 - 00000000 ____D C:\ProgramData\Sendori 2013-08-28 12:04 - 2012-06-17 11:31 - 00000000 ____D C:\Users\Bev\Documents\Outlook Files 2013-08-28 12:03 - 2012-11-12 13:28 - 00001870 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2013-08-28 12:03 - 2012-11-12 13:28 - 00001870 _____ C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk 2013-08-28 12:03 - 2012-06-22 12:58 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-28 12:03 - 2012-06-06 16:59 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-08-28 12:03 - 2012-06-06 16:59 - 00000000 ____D C:\Users\Default 
User\AppData\Local\SoftThinks 2013-08-28 12:03 - 2012-06-06 16:37 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-08-28 12:02 - 2013-08-28 08:45 - 00000168 _____ C:\Windows\setupact.log 2013-08-28 12:02 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-28 10:49 - 2012-06-06 16:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-28 08:45 - 2013-08-28 08:45 - 00000000 _____ C:\Windows\setuperr.log 2013-08-27 12:11 - 2013-05-21 09:24 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2013-08-26 23:24 - 2012-06-22 13:54 - 00000000 ___SD C:\WCHSBPA 2013-08-26 15:18 - 2012-08-04 09:10 - 00000000 ____D C:\Health 2013-08-26 15:17 - 2012-06-17 22:35 - 00000000 ____D C:\users\Bev 2013-08-26 14:05 - 2012-06-26 22:22 - 00000000 ____D C:\MirandasPeople 2013-08-26 13:23 - 2013-08-26 13:23 - 00000000 ____D C:\JailhouseInn 2013-08-26 11:15 - 2012-06-18 15:19 - 00000000 ____D C:\Family Tree Maker 2013-08-26 09:25 - 2013-08-26 09:25 - 00000000 ____D C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0} 2013-08-26 08:48 - 2013-04-19 09:42 - 00000000 ____D C:\Users\Bev\Downloads\Dogs 2013-08-26 08:15 - 2009-07-13 21:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-25 22:43 - 2013-08-25 10:49 - 00000000 ____D C:\Users\Bev\Documents\FamilyHistoryToInput 2013-08-25 14:17 - 2013-08-25 14:16 - 00000000 ____D C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3} 2013-08-25 14:16 - 2012-06-22 19:29 - 00000000 ____D C:\FamilyStuff 2013-08-25 14:15 - 2013-08-25 14:15 - 00000000 ____D C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252} 2013-08-25 14:06 - 2012-06-17 22:38 - 00000000 ____D C:\Users\Bev\AppData\Local\VirtualStore 2013-08-25 12:08 - 2013-06-02 08:43 - 00000000 ____D C:\Users\Bev\Downloads\CoolStuff 2013-08-24 16:09 - 2013-08-24 16:09 - 00000000 ____D C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26} 2013-08-23 19:43 - 2013-02-18 15:02 - 
00000000 ____D C:\Users\Bev\Downloads\HouseIdeas 2013-08-23 10:43 - 2012-08-07 12:27 - 00000000 ____D C:\Facebook 2013-08-23 10:36 - 2013-08-23 10:36 - 00000000 ____D C:\MasonCD 2013-08-23 10:24 - 2012-09-20 13:32 - 00000000 ____D C:\Mason 2013-08-23 09:24 - 2013-08-23 09:23 - 00000000 ____D C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6} 2013-08-22 22:10 - 2013-02-16 16:15 - 00000000 ____D C:\Users\Bev\AppData\Roaming\Skype 2013-08-22 17:31 - 2013-08-22 17:31 - 00000000 ____D C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED} 2013-08-22 17:28 - 2013-08-22 17:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6} 2013-08-22 17:28 - 2013-08-22 17:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504} 2013-08-22 13:15 - 2009-07-13 21:13 - 00794642 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-22 06:06 - 2013-02-16 16:15 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-08-20 16:49 - 2013-02-26 15:49 - 17139080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-08-20 16:49 - 2012-06-06 16:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 16:49 - 2012-06-06 16:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 16:49 - 2012-06-06 16:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 16:04 - 2013-05-22 21:41 - 00000000 ____D C:\Users\Bev\Downloads\Health 2013-08-20 13:31 - 2013-08-20 13:30 - 00000000 ____D C:\MirandasPeople - Copy 2013-08-19 13:42 - 2013-08-19 13:41 - 00000000 ____D C:\TitanicHistoricalSociety 2013-08-18 21:58 - 2013-08-18 21:46 - 00000000 ____D C:\Users\Bev\Downloads\2013Aug18FILEthese 2013-08-18 13:43 - 2013-03-19 21:54 - 00000000 ____D C:\Users\Bev\Downloads\Receipts 2013-08-18 13:42 - 2012-08-18 17:20 - 00000000 ____D C:\ClipArtOldOffice 2013-08-18 11:19 - 2013-08-18 11:19 - 00000000 
____D C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C} 2013-08-18 11:16 - 2012-11-26 14:45 - 00000000 ____D C:\Scans 2013-08-18 11:15 - 2012-06-24 15:03 - 00010882 _____ C:\Users\Bev\Sti_Trace.log 2013-08-17 15:18 - 2013-08-17 15:18 - 00000000 ____D C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436} 2013-08-16 22:13 - 2013-08-16 22:13 - 00000000 ____D C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804} 2013-08-16 15:45 - 2013-05-15 14:33 - 00000000 ____D C:\Users\Bev\Downloads\1314 2013-08-15 13:21 - 2013-08-15 13:21 - 00000000 ____D C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA} 2013-08-15 11:55 - 2013-08-14 20:48 - 00000000 ____D C:\EnerBankUSA 2013-08-15 10:15 - 2012-07-01 14:33 - 00000000 ____D C:\Dogs 2013-08-14 22:12 - 2013-05-21 10:14 - 00000000 ____D C:\MirandasPeopleLOGO 2013-08-11 22:54 - 2013-02-16 16:10 - 00000000 ____D C:\Program Files (x86)\WhiteSmoke_B 2013-08-11 19:28 - 2013-08-11 19:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336} 2013-08-11 17:14 - 2013-02-16 16:10 - 00000000 ____D C:\Users\Bev\AppData\Roaming\SearchProtect 2013-08-11 17:14 - 2013-02-16 16:10 - 00000000 ____D C:\Program Files (x86)\SearchProtect 2013-08-10 21:39 - 2013-08-10 21:39 - 00000000 ____D C:\Users\Bev\Downloads\RogerCindy 2013-08-08 16:18 - 2013-08-08 16:18 - 00000000 ____D C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384} 2013-08-07 21:18 - 2012-07-06 20:08 - 00000000 ____D C:\Users\Bev\AppData\Local\CrashDumps 2013-08-07 15:44 - 2013-05-23 11:29 - 00000000 ___SD C:\TeamESI 2013-08-07 12:47 - 2013-08-07 12:47 - 00000000 ____D C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545} 2013-08-07 11:59 - 2013-06-18 23:19 - 00000000 ____D C:\Users\Bev\Downloads\2013June19 2013-08-07 11:58 - 2013-04-24 11:38 - 00000000 ____D C:\Users\Bev\Downloads\Berra 2013-08-06 22:12 - 2013-06-07 06:23 - 00000000 ____D C:\Users\Bev\Documents\Diary 2013-08-06 12:29 - 
2013-02-18 00:13 - 00039888 _____ C:\Windows\System32\lvcoinst.log 2013-08-06 11:39 - 2013-08-06 11:39 - 00000000 ____D C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D} 2013-08-05 16:24 - 2013-08-01 11:57 - 00000000 ____D C:\Insurance 2013-08-05 07:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-08-05 05:12 - 2012-06-17 22:38 - 00000000 ___RD C:\Users\Bev\Virtual Machines 2013-08-05 05:11 - 2009-07-13 20:45 - 00731768 _____ C:\Windows\System32\FNTCACHE.DAT 2013-08-05 05:10 - 2013-03-13 23:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-05 05:10 - 2013-03-13 23:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-04 23:10 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-08-04 23:10 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-04 23:10 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-04 22:53 - 2012-06-17 10:43 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-04 17:40 - 2013-08-04 17:40 - 00000000 ____D C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01} 2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\VideosMason 2013-08-03 15:46 - 2013-08-03 15:46 - 00000000 ____D C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA} 2013-08-02 15:49 - 2013-08-02 15:47 - 00000000 ____D C:\0001 2013-08-02 15:39 - 2013-08-02 15:39 - 00000000 ____D C:\Users\Bev\Downloads\001 2013-08-02 11:49 - 2012-06-22 21:44 - 00000000 ____D C:\AncestryStuff 2013-08-01 13:35 - 2013-08-01 13:35 - 00000000 ____D C:\Users\Bev\AppData\Local\{00BB0257-C342-46A2-919B-8B2C2B6F4698} 2013-08-01 11:28 - 2013-08-01 11:27 - 00000000 ____D C:\StateFarmInsurance 2013-08-01 08:38 - 2013-04-25 19:41 - 00000000 ____D C:\Users\Bev\Downloads\MiscStuff 2013-07-30 17:05 - 2012-07-21 19:09 - 00000000 ____D C:\Addresses 2013-07-30 11:27 - 2013-07-30 11:27 - 00000000 ____D 
C:\Users\Bev\AppData\Local\{F86EBFB9-9794-4D9E-A505-30DF8F3FF882} 2013-07-29 09:17 - 2012-08-19 16:12 - 00000000 ____D C:\Pending Files to move or delete: ==================== C:\ProgramData\edrsytb.exe C:\ProgramData\fyldo.exe C:\ProgramData\ghbtls.exe C:\ProgramData\ivgq.exe C:\ProgramData\mdfjbha.exe C:\ProgramData\pfwd.exe C:\ProgramData\qcovne.exe C:\ProgramData\qgmt.exe C:\ProgramData\tpuge.exe C:\ProgramData\vtaq.exe C:\ProgramData\wobomg.exe C:\ProgramData\xtid.exe C:\ProgramData\yowfl.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-07-31 14:55:23 Restore point made on: 2013-08-04 22:41:36 Restore point made on: 2013-08-12 15:19:50 Restore point made on: 2013-08-20 12:44:26 Restore point made on: 2013-08-28 10:30:25 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4008.63 MB Available physical RAM: 3392.23 MB Total Pagefile: 4006.83 MB Available Pagefile: 3391.1 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== 
Drives ================================ Drive c: (OS) (Fixed) (Total:441.57 GB) (Free:34.89 GB) NTFS Drive h: (RECOVERY) (Fixed) (Total:24.15 GB) (Free:16.75 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive j: () (Removable) (Total:7.44 GB) (Free:7.43 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 60721A77) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=24 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=442 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 7 GB) (Disk ID: 5FE8FA8E) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) LastRegBack: 2013-08-22 07:22 ==================== End Of Log ============================
  9. It appears that one of my home computers has been hijacked by a virus. After Windows starts up, a screen appears claiming to have something to do with the "FBI" and "Cybercrime Division", stating something about sending money or facing criminal arrest. This same screen appears even after booting into Safe Mode, making it impossible to access any programs and files. It appears the computer became infected after opening an infected email. The computer runs Windows 7 and was using the newest version of Ad-Aware 10. What would be the first step to getting rid of this thing? This has to be the most serious virus I have ever encountered!
  10. Okay great! Finished the final steps and the computer seems to be running smoothly with no redirecting problems. I made sure everything is up to date so we should be good to go! Thank you so much Blade for taking the time and helping me out with this problem! I really appreciate it!
  11. No, I haven’t been noticing any further problems, so the system seems to be good now. However, should something be done about the two trojans the ESET scan detected? Or will these be taken care of when we reset system restore? I just want to be sure before I continue with the next steps.
  12. I deleted the two files from the system and was finally able to run the ESET scan. Here are the results as well as a fresh DDS logs. The system seems to be running a lot better now and browser redirecting hasn’t seemed to be an issue anymore. ESET Results: C:\Qoobox\Quarantine\C\WINDOWS\system32\ms.dll.vir Win32/Bamital.DV trojan C:\System Volume Information\_restore{873C7E92-AC34-446B-A7FB-8EDA951B8E6A}\RP135\A0027181.dll Win32/Bamital.DV trojan
Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected] FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: browser.sessionstore.resume_from_crash - false . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-31 64512] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-8-31 21592] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-5-31 101720] R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2008-10-28 4300] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-8-31 74968] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-18 993848] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-18 399416] R2 SNM WLAN Service;SNM WLAN Service;c:\program files\samsung\samsung network manager\SNMWLANService.exe [2006-10-30 36864] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-15 24652] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208] R3 VMC326;Vimicro Camera 
Service VMC326;c:\windows\system32\drivers\VMC326.sys [2008-10-28 238464] S1 miemiwxc;miemiwxc;\??\c:\windows\system32\drivers\miemiwxc.sys --> c:\windows\system32\drivers\miemiwxc.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2151640] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-10-28 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-09-06 10:28:42 7152464 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{44afd6a9-241e-4f94-9457-3684f89f0b6c}\mpengine.dll 2011-09-06 10:15:09 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-09-05 20:10:05 -------- d-sha-r- C:\cmdcons 2011-09-05 20:08:00 98816 ----a-w- c:\windows\sed.exe 2011-09-05 20:08:00 518144 ----a-w- c:\windows\SWREG.exe 2011-09-05 20:08:00 256000 ----a-w- c:\windows\PEV.exe 2011-09-05 20:08:00 208896 ----a-w- c:\windows\MBR.exe 2011-09-05 06:50:29 -------- d-----w- C:\tdsskiller 2011-09-04 09:52:30 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll 2011-09-04 09:52:30 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll 2011-09-01 02:09:54 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2011-09-01 02:09:53 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2011-08-23 03:17:40 -------- d-----w- c:\program files\CambridgeSoft 2011-08-23 03:17:40 
-------- d-----w- c:\documents and settings\all users\application data\CambridgeSoft 2011-08-11 06:50:55 -------- d-----w- c:\documents and settings\hmendez\local settings\application data\Sunbelt Software . ==================== Find3M ==================== . 2011-09-05 06:53:42 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys 2011-09-04 09:45:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 01:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-06 01:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-06-30 06:54:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll . ============= FINISH: 13:36:24.43 =============== [attachment=8947:attach.zip]
  13. Here is the link to the results: VirusTotal Results (http://www.virustotal.com/file-scan/report.html?id=caeeed45f6bab22f611b2200dc91e68426f169f5646247893cf3ac7efddd07b8-1315285349)
  14. I downloaded and ran ComboFix as instructed. Here is the log along with the new DDS logs: ComboFix 11-09-05.05 - hmendez 09/05/2011 13:12:00.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.468 [GMT -7:00] Running from: c:\documents and settings\hmendez\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\hmendez\GoToAssistDownloadHelper.exe c:\documents and settings\hmendez\Local Settings\Application Data\ApplicationHistory c:\documents and settings\hmendez\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini c:\windows\system32\dll c:\windows\system32\ms.dll . c:\windows\system32\Version.dll . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 ))))))))))))))))))))))))))))))) . . 2011-09-05 06:50 . 2011-09-05 06:51 -------- d-----w- C:\tdsskiller 2011-09-04 09:52 . 2011-08-03 22:49 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll 2011-09-04 09:52 . 2011-08-03 22:49 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll 2011-09-04 09:07 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{82769CC8-8A0E-4BE3-A1FA-78ADC030C927}\mpengine.dll 2011-09-01 02:09 . 2011-06-30 06:52 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2011-09-01 02:09 . 2011-06-30 06:51 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2011-08-23 03:17 . 2011-08-23 03:17 -------- d-----w- c:\program files\CambridgeSoft 2011-08-23 03:17 . 2011-08-23 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\CambridgeSoft 2011-08-11 06:50 . 
2011-08-11 06:50 -------- d-----w- c:\documents and settings\hmendez\Local Settings\Application Data\Sunbelt Software . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-05 06:53 . 2008-10-28 22:06 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys 2011-09-04 09:45 . 2011-07-07 04:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-12 02:44 . 2008-12-19 07:20 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-07-15 13:29 . 2008-10-28 22:05 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2008-10-28 22:05 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-07 02:52 . 2011-05-31 23:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-06-30 06:54 . 2011-06-01 06:21 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-24 14:10 . 2008-10-29 01:52 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:36 . 2008-10-28 22:06 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:36 . 2008-10-28 22:05 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-23 18:36 . 2008-10-28 22:05 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2008-10-28 22:05 385024 ----a-w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2008-10-28 22:06 293376 ----a-w- c:\windows\system32\winsrv.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480] "DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944] "BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-08 2768896] "MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . 
c:\documents and settings\hmendez\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-18 291896] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= 
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/31/2011 11:13 PM 64512] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [8/31/2011 7:09 PM 21592] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/31/2011 11:21 PM 101720] R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [10/28/2008 7:00 PM 4300] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [8/31/2011 7:09 PM 74968] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 993848] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/18/2011 11:44 PM 399416] R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [10/30/2006 3:29 PM 36864] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2009 9:43 PM 24652] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592] R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 8:01 PM 30208] R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [10/28/2008 7:04 PM 238464] S1 miemiwxc;miemiwxc;\??\c:\windows\system32\drivers\miemiwxc.sys --> c:\windows\system32\drivers\miemiwxc.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/29/2011 12:11 PM 2151640] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/29/2011 12:11 PM 15232] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/28/2008 3:06 PM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder . 2011-09-05 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 22:33] . 2011-09-05 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 22:33] . 2011-09-05 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 22:33] . 2011-09-05 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 22:33] . 2011-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2010-03-01 c:\windows\Tasks\Install_NSS.job - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-03-01 05:34] . 2011-09-05 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.live.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 192.168.12.1 FF - ProfilePath - c:\documents and settings\hmendez\Application Data\Mozilla\Firefox\Profiles\yu6yotsd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: network.proxy.type - 4 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected] FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - user.js: yahoo.homepage.dontask - true FF - user.js: 
browser.sessionstore.resume_from_crash - false . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) SafeBoot-98342021.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-09-05 13:21 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2204) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\progra~1\WINDOW~2\wmpband.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\SearchIndexer.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe c:\program files\Samsung\Easy Display Manager\dmhkcore.exe c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\windows\system32\igfxext.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-09-05 13:27:49 - machine was rebooted ComboFix-quarantined-files.txt 2011-09-05 20:27 . Pre-Run: 10,583,986,176 bytes free Post-Run: 10,656,858,112 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - F5F878AAFB1352E2AD8406019B3A7757 . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by hmendez at 13:37:11 on 2011-09-05 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.288 [GMT -7:00] . AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Secunia\PSI\PSIA.exe C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\WINDOWS\system32\igfxext.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Secunia\PSI\sua.exe C:\WINDOWS\explorer.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\wscntfy.exe . 
  15. I downloaded and ran TDSSKiller as instructed. It found one threat which it cured. Here is the log file:
2011/09/04 23:51:44.0203 3520 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/04 23:51:44.0796 3520 SystemInfo:
2011/09/04 23:51:44.0812 3520 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/04 23:51:44.0812 3520 Product type: Workstation
2011/09/04 23:51:44.0812 3520 ComputerName: FIZINYOPOCKET
2011/09/04 23:51:44.0812 3520 UserName: hmendez
2011/09/04 23:51:44.0812 3520 Windows directory: C:\WINDOWS
2011/09/04 23:51:44.0812 3520 System windows directory: C:\WINDOWS
2011/09/04 23:51:44.0812 3520 Processor architecture: Intel x86
2011/09/04 23:51:44.0812 3520 Number of processors: 2
2011/09/04 23:51:44.0812 3520 Page size: 0x1000
2011/09/04 23:51:44.0812 3520 Boot type: Normal boot
2011/09/04 23:51:46.0343 3520 Initialize success
2011/09/04 23:51:56.0671 3388 Scan started
2011/09/04 23:51:56.0671 3388 Mode: Manual;
2011/09/04 23:52:09.0906 3388 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/04 23:52:09.0906 3388 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/09/04 23:52:09.0921 3388 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/09/04 23:52:11.0156 3388 Scan finished
2011/09/04 23:52:11.0187 2780 Detected object count: 1
2011/09/04 23:52:11.0187 2780 Actual detected object count: 1
2011/09/04 23:52:33.0703 2780 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/04 23:52:33.0703 2780 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/09/04 23:52:34.0843 2780 Backup copy found, using it..
2011/09/04 23:52:34.0906 2780 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/09/04 23:52:34.0906 2780 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/09/04 23:52:52.0406 2332 Deinitialize success