Corbadda
Posted August 29, 2013

It appears that one of my home computers has been hijacked by a virus. After Windows starts up, a screen appears claiming to have something to do with the "FBI" and "Cybercrime Division", stating something about sending money or facing criminal arrest. This same screen appears even after booting into Safe Mode, making it impossible to access any programs and files. It appears the computer became infected after opening an infected email. The computer runs Windows 7 and was using the newest version of Ad-Aware 10. What would be the first step to getting rid of this thing? This has to be the most serious virus I have ever encountered!

blade81
Posted August 29, 2013

Hi,

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

Then:
- Select Command Prompt.
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
  Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Corbadda
Posted August 29, 2013

Hello Blade81, I followed your instructions and successfully ran Farbar Recovery Scan Tool x64. Here is the log file as follows:

blade81 3 Posted August 30, 2013

Hi,

Important warning: If the system boots after the fix, don't run any scan or cleaning tool, or you may lose some important functions. Please wait for the next instruction.

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKU\Bev\...\Winlogon: [Shell] C:\Users\Bev\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it to your reply.
Also restart and let the computer boot normally and tell me how it went. I'll provide next set of instructions after that.
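The two things the fixlist above targets, a Winlogon Shell value that starts something besides explorer.exe and a batch of identically sized executables written to C:\ProgramData in the same minute, can be picked out of FRST-style log lines mechanically. The Python below is an added example, not part of the original thread or of FRST; the function names are hypothetical, the line formats are inferred from the lines quoted in this thread, and the cluster threshold of three files is an assumption.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: the first five lines are copied from the fixlist in this thread;
# the last two are constructed benign entries added for contrast.
SAMPLE_LOG = r"""
HKU\Bev\...\Winlogon: [Shell] C:\Users\Bev\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe
HKLM\...\Winlogon: [Shell] explorer.exe
2013-08-20 09:15 - 2013-08-20 09:15 - 00051200 _____ C:\ProgramData\example-updater.exe
"""

# "<key>\Winlogon: [<value name>] <data>", optionally followed by the tool's marker.
SHELL_RE = re.compile(
    r"^(?P<key>HK[^:]*\\Winlogon): \[(?P<name>\w+)\] (?P<value>.+?)"
    r"(?:\s+<=+ ATTENTION)?$"
)
# "<timestamp> - <timestamp> - <8-digit size> <5 attribute chars> <path>"
FILE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) (?P<path>.+)$"
)


def unexpected_shell_parts(value):
    """Return the comma-separated Shell components that are not explorer.exe."""
    parts = [p.strip().strip('"') for p in value.split(",")]
    return [p for p in parts if p and p.lower() != "explorer.exe"]


def clustered_drops(files, directory=r"C:\ProgramData", min_cluster=3):
    """Group .exe files sitting directly in `directory` by (timestamps, size).

    Several executables with the same size and the same timestamps are
    unlikely to come from a normal installer. min_cluster is an assumed threshold.
    """
    groups = defaultdict(list)
    for f in files:
        parent = ntpath.dirname(f["path"])
        ext = ntpath.splitext(f["path"])[1]
        if parent.lower() == directory.lower() and ext.lower() == ".exe":
            key = (f["ts1"], f["ts2"], f["size"])
            groups[key].append(ntpath.basename(f["path"]))
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_cluster}


def triage(log_text):
    """Scan log text and return the Shell findings and file clusters."""
    shell_findings, files = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = SHELL_RE.match(line)
        if m and m.group("name").lower() == "shell":
            extra = unexpected_shell_parts(m.group("value"))
            if extra:
                shell_findings.append((m.group("key"), extra))
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({
                "ts1": m.group("ts1"),
                "ts2": m.group("ts2"),
                "size": int(m.group("size")),
                "path": m.group("path"),
            })
    return {"shell": shell_findings, "clusters": clustered_drops(files)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, extra in result["shell"]:
        print(f"Unexpected Shell component(s) under {key}: {extra}")
    for (ts1, ts2, size), names in result["clusters"].items():
        print(f"{len(names)} executables, {size} bytes each, stamped {ts1}: {names}")
```
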
Corbadda 0 Posted August 30, 2013

I followed your instructions and ran FRST. I then booted the computer normally and it appeared to boot up without any problems. The desktop remained and no strange screens appeared. Here is the log from FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
Ran by SYSTEM at 2013-08-30 12:00:02 Run:1
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Bev\...\Winlogon: [shell] C:\Users\Bev\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe
*****************

HKU\Bev\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\ProgramData\yowfl.exe => Moved successfully.
C:\ProgramData\xtid.exe => Moved successfully.
C:\ProgramData\wobomg.exe => Moved successfully.
C:\ProgramData\vtaq.exe => Moved successfully.
C:\ProgramData\tpuge.exe => Moved successfully.
C:\ProgramData\qgmt.exe => Moved successfully.
C:\ProgramData\qcovne.exe => Moved successfully.
C:\ProgramData\pfwd.exe => Moved successfully.
C:\ProgramData\mdfjbha.exe => Moved successfully.
C:\ProgramData\ivgq.exe => Moved successfully.
C:\ProgramData\ghbtls.exe => Moved successfully.
C:\ProgramData\fyldo.exe => Moved successfully.
C:\ProgramData\edrsytb.exe => Moved successfully.

==== End of Fixlog ====
blade81 3 Posted August 31, 2013

Good. Let's continue.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker (disabling your antivirus protection should be enough), and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.
Include the contents of those reports to your post. Please, do not zip Attach.txt even if the message box says that.
Corbadda 0 Posted August 31, 2013

Thanks for all the help! I downloaded and ran DDS as instructed. Here are the log files as follows: DDS.txt, Attach.txt
It has done this 1 time(s).8/30/2013 12:07:36 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.8/28/2013 11:50:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.8/28/2013 11:46:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}8/28/2013 11:46:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}8/28/2013 11:46:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}8/28/2013 11:46:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}8/28/2013 11:46:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}8/28/2013 11:46:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}8/28/2013 11:46:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}8/28/2013 11:45:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM 
got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}8/28/2013 11:45:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi vpcnfltr vpcvmm Wanarpv6 WfpLwf ws2ifsl8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - 
The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.8/28/2013 1:49:59 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.8/28/2013 1:48:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.8/28/2013 1:48:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi vpcvmm Wanarpv68/28/2013 1:27:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.8/27/2013 6:30:04 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/27/2013 6:30:04 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/26/2013 3:10:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Bev7\Bev SID (S-1-5-21-776842778-1022910293-1919321215-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/26/2013 3:10:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Bev7\Bev SID (S-1-5-21-776842778-1022910293-1919321215-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/26/2013 3:10:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Bev7\Bev SID (S-1-5-21-776842778-1022910293-1919321215-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
blade81 3 Posted August 31, 2013
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Corbadda 0 Posted August 31, 2013
I ran ComboFix and then reran DDS as instructed. Here are the log files as follows:
C:\ComboFix.txt
ComboFix 13-08-31.01 - Bev 08/31/2013 14:41:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2533 [GMT -7:00]
Running from: c:\users\Bev\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\24x7Help
c:\program files (x86)\24x7Help\App24x7Help.exe
c:\program files (x86)\24x7Help\App24x7Hook.dll
c:\program files (x86)\24x7Help\App24x7Hook.exe
c:\program files (x86)\24x7Help\App24x7Hook64.dll
c:\program files (x86)\24x7Help\App24x7Hook64.exe
c:\program files (x86)\24x7Help\App24x7Svc.exe
c:\program files (x86)\24x7Help\Cfg24x7.exe
c:\program files (x86)\24x7Help\unins000.dat
c:\program files (x86)\24x7Help\unins000.exe
c:\program files (x86)\24x7Help\unins000.msg
c:\program files (x86)\Unfriend Checker\uc.Dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\24x7 Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\24x7Help.org.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\Uninstall 24x7
Help.lnkc:\programdata\PCDr\6280\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dllc:\programdata\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dllc:\programdata\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dllc:\programdata\PCDr\6280\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dllc:\programdata\PCDr\6280\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dllc:\programdata\PCDr\6280\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dllc:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dllc:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dllc:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dllc:\programdata\PCDr\6280\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dllc:\users\Bev\AppData\Roaming\dbu32.ocxc:\users\Bev\AppData\Roaming\SearchProtectc:\users\Bev\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\ENc:\users\Public\Desktop\24x7 Help.lnk..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_24x7HelpSvc-------\Service_24x7HelpSvc..((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-31 )))))))))))))))))))))))))))))))..2013-08-31 21:51 . 2013-08-31 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-28 22:12 . 2013-08-28 22:12 -------- d-----w- C:\FRST2013-08-28 20:05 . 2013-08-28 20:08 -------- d-----w- c:\programdata\fsil2013-08-26 21:23 . 2013-08-26 21:23 -------- d-----w- C:\JailhouseInn2013-08-23 18:36 . 2013-08-23 18:36 -------- d-----w- C:\MasonCD2013-08-20 21:30 . 2013-08-20 21:31 -------- d-----w- C:\MirandasPeople - Copy2013-08-19 21:41 . 2013-08-19 21:42 -------- d-----w- C:\TitanicHistoricalSociety2013-08-15 04:48 . 2013-08-15 19:55 -------- d-----w- C:\EnerBankUSA2013-08-05 06:40 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll2013-08-05 06:39 . 
2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2013-08-05 06:38 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-05 06:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll2013-08-05 06:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-05 06:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-05 06:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll2013-08-05 06:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe2013-08-05 06:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll2013-08-05 06:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll2013-08-05 01:36 . 2013-08-05 01:36 -------- d-----w- C:\VideosMason2013-08-02 23:47 . 2013-08-02 23:49 -------- d-----w- C:\0001...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-21 00:49 . 2012-06-07 00:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-21 00:49 . 2012-06-07 00:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-08-21 00:49 . 2013-02-26 23:49 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-07-01 16:49 . 
2013-02-17 00:11 325920 ----a-w- c:\windows\SysWow64\Sendori.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]"iTunesHelper"="c:\program files 
(x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-12-13 141]"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]"LWS"="c:\logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136].c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk - c:\logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]@="Ad-Aware Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 
Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local 
Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..Contents of the 'Scheduled Tasks' folder.2013-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 00:49].2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58].2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-05-21 1139992]"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520]"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-05-21 328400]"IgfxTray"="c:\windows\system32\igfxtray.exe" 
[2012-10-10 171040]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.12.1.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{f0e59437-6148-4a98-b0a6-60d557ef57f4} - c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dllBHO-{09942569-D515-42BE-9F5A-A439B20F91AB} - c:\program files (x86)\Unfriend Checker\uc.dllBHO-{f0e59437-6148-4a98-b0a6-60d557ef57f4} - c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dllToolbar-Locked - (no file)Toolbar-{f0e59437-6148-4a98-b0a6-60d557ef57f4} - c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dllWow6432Node-HKLM-Run-<NO NAME> - (no file)Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exec:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk - d:\common\EpsonReg\V30\Ereg.exe /remind /language=ENU /PRNM="00873"HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)WebBrowser-{F0E59437-6148-4A98-B0A6-60D557EF57F4} - (no file)AddRemove-{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 - c:\program files (x86)\24x7Help\unins000.exe...--------------------- LOCKED REGISTRY KEYS 
---------------------.[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^<ΦÚ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^<ΦÚ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÔfÒ„]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÔfÒ„\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^æÈrÂç]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^æÈrÂç\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^æHuÂç]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^æHuÂç\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^“!XeÄ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^“!XeÄ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Pаú]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Pаú\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^#PãzzŸ]@Class="Shell
".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^#PãzzŸ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Q%HÛ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Q%HÛ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^XQ˜à]]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^XQ˜à]\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÀQILÃ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÀQILÃ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vRâf’Æ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vRâf’Æ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^2SºÂ&_]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^2SºÂ&_\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^uS¦¶°à]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^uS¦¶°à\OpenWithList]@Class
="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^T©È€]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^T©È€\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^yTßíØ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^yTßíØ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^yT_¯íØ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^yT_¯íØ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. jpg `^–T‡kÛ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2)
(Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Sendori\SendoriUp.exe
.
**************************************************************************
.
Completion time: 2013-08-31 15:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-31 22:03
.
Pre-Run: 36,610,011,136 bytes free
Post-Run: 36,249,509,888 bytes free
.
- - End Of File - - 5114B074F6D07EFC8EA7F371C4D94C5E5C616939100B85E558DA92B899A0FC36

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496
Run by Bev at 15:04:53 on 2013-08-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2626 [GMT -7:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [LWS] C:\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Logitech\Ereg\eReg.exe
StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllTCP: NameServer = 192.168.12.1TCP: Interfaces\{37314881-E905-46E4-9DB0-64917E6345A1} : DHCPNameServer = 192.168.12.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dllHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_paid.html" "DEF" "DEF" "DEF"x64-Run: [Trend Micro Client Framework] "C:\Program 
Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dllx64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dllx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe.============= SERVICES / DRIVERS ===============.R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-3 14456]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-6 55856]R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-12 57976]R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware 
Antivirus\AdAwareService.exe [2012-12-7 1236368]R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 701512]R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-6 1695040]R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-6-6 244440]R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-6-6 69392]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-6 317440]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-12 25928]R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-6 539240]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN 
v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-6-6 267480]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456]S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 
================.2013-08-31 21:54:05 -------- d-----w- C:\$RECYCLE.BIN2013-08-31 21:40:32 98816 ----a-w- C:\Windows\sed.exe2013-08-31 21:40:32 256000 ----a-w- C:\Windows\PEV.exe2013-08-31 21:40:32 208896 ----a-w- C:\Windows\MBR.exe2013-08-28 22:12:55 -------- d-----w- C:\FRST2013-08-28 20:05:06 -------- d-----w- C:\ProgramData\fsil2013-08-26 21:23:59 -------- d-----w- C:\JailhouseInn2013-08-26 17:25:35 -------- d-----w- C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0}2013-08-25 22:16:55 -------- d-----w- C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3}2013-08-25 22:15:54 -------- d-----w- C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252}2013-08-25 00:09:10 -------- d-----w- C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26}2013-08-23 18:36:19 -------- d-----w- C:\MasonCD2013-08-23 17:23:53 -------- d-----w- C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6}2013-08-23 01:31:07 -------- d-----w- C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED}2013-08-23 01:28:51 -------- d-----w- C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6}2013-08-23 01:28:09 -------- d-----w- C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504}2013-08-20 21:30:29 -------- d-----w- C:\MirandasPeople - Copy2013-08-19 21:41:59 -------- d-----w- C:\TitanicHistoricalSociety2013-08-18 19:19:10 -------- d-----w- C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C}2013-08-17 23:18:01 -------- d-----w- C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436}2013-08-17 06:13:49 -------- d-----w- C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804}2013-08-15 21:21:17 -------- d-----w- C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA}2013-08-15 04:48:53 -------- d-----w- C:\EnerBankUSA2013-08-12 03:28:24 -------- d-----w- C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336}2013-08-09 00:18:25 -------- d-----w- 
C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384}
2013-08-07 20:47:00 -------- d-----w- C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545}
2013-08-06 19:39:45 -------- d-----w- C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D}
2013-08-05 06:39:25 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-05 06:38:46 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-08-05 06:38:46 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-05 06:38:46 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-08-05 06:38:46 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-05 06:38:46 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-05 06:38:46 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-05 06:37:54 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-05 06:37:54 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-05 01:40:07 -------- d-----w- C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01}
2013-08-05 01:36:05 -------- d-----w- C:\VideosMason
2013-08-03 23:46:19 -------- d-----w- C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA}
2013-08-02 23:47:32 -------- d-----w- C:\0001
.
==================== Find3M ====================
.
2013-08-21 00:49:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 00:49:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 00:49:19 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 15:05:00.11 ===============
blade81 3 Posted September 2, 2013

Hi again,

Open Notepad and copy/paste the text in the quotebox below into it:

DirLook::
C:\ProgramData\fsil

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted). Then post the resultant log.

Uninstall old Adobe Reader versions and get Adobe Reader 11.0 here and update 11.0.03 for it or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

Go here to run an online scanner from ESET. Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Corbadda 0 Posted September 2, 2013

I ran ComboFix using the CFScript.txt as instructed. I also uninstalled the old Adobe Reader and installed and updated Adobe Reader 11. I then went online and ran ESET as well as running DDS. Here are the log files as follows:

C:\ComboFix.txt

ComboFix 13-09-02.02 - Bev 09/02/2013 12:59:59.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2358 [GMT -7:00]
Running from: c:\users\Bev\Desktop\ComboFix.exe
Command switches used :: c:\users\Bev\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions 
)))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6280\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll
c:\programdata\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll
c:\programdata\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll
c:\programdata\PCDr\6280\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll
c:\programdata\PCDr\6280\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dll
c:\programdata\PCDr\6280\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll
c:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll
c:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll
c:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll
c:\programdata\PCDr\6280\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-08-02 to 2013-09-02 )))))))))))))))))))))))))))))))
.
.
2013-09-02 20:07 . 2013-09-02 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-28 22:12 . 2013-08-28 22:12 -------- d-----w- C:\FRST
2013-08-28 20:05 . 2013-08-28 20:08 -------- d-----w- c:\programdata\fsil
2013-08-26 21:23 . 2013-08-26 21:23 -------- d-----w- C:\JailhouseInn
2013-08-23 18:36 . 2013-08-23 18:36 -------- d-----w- C:\MasonCD
2013-08-20 21:30 . 2013-08-20 21:31 -------- d-----w- C:\MirandasPeople - Copy
2013-08-19 21:41 . 2013-08-19 21:42 -------- d-----w- C:\TitanicHistoricalSociety
2013-08-15 04:48 . 2013-08-15 19:55 -------- d-----w- C:\EnerBankUSA
2013-08-05 06:40 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-08-05 06:39 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-08-05 06:38 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-05 06:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-05 06:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-05 06:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-05 06:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-05 06:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-05 01:36 . 2013-08-05 01:36 -------- d-----w- C:\VideosMason
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 00:49 . 2012-06-07 00:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 00:49 . 2012-06-07 00:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 00:49 . 2013-02-26 23:49 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-07-01 16:49 . 2013-02-17 00:11 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\fsil ----
.
2013-08-28 20:08 . 2013-08-29 06:50 67031 ----a-w- c:\programdata\fsil\npphx.ocy
2013-08-28 20:08 . 
2013-08-28 20:08 229185 ----a-w- c:\programdata\fsil\yjbj.qnj..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]c:\program files (x86)\Unfriend Checker\uc.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]"{f0e59437-6148-4a98-b0a6-60d557ef57f4}"= "c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll" [bU].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}].[HKEY_CLASSES_ROOT\clsid\{f0e59437-6148-4a98-b0a6-60d557ef57f4}].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" 
[2010-11-17 514544]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-12-13 141]"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]"LWS"="c:\logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136].c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk - c:\logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." 
[2009-11-16 517384]OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]@="Ad-Aware Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]R3 
CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]S0 
PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]S2 
tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - PCDSRVC{D3412D80-CF3B4A27-06020200}_0.Contents of the 'Scheduled Tasks' folder.2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 00:49].2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58].2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-05-21 1139992]"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520]"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-05-21 328400]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888].------- Supplementary Scan -------.uLocal Page = 
c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.12.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 - c:\program files (x86)\24x7Help\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) 
(Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-02 13:09:45
ComboFix-quarantined-files.txt 2013-09-02 20:09
ComboFix2.txt 2013-08-31 22:03
.
Pre-Run: 37,339,172,864 bytes free
Post-Run: 37,286,572,032 bytes free
.
- - End Of File - - 6A2D220CA9064CC94F80B566D0BF43985C616939100B85E558DA92B899A0FC36

ESET Report

C:\FRST\Quarantine\edrsytb.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\fyldo.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\ghbtls.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\ivgq.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\mdfjbha.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\pfwd.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\qcovne.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\qgmt.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\tpuge.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\vtaq.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\wobomg.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\xtid.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\yowfl.exe a variant of Win32/Kryptik.BIYS trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Help.exe.vir a variant of Win32/24x7Help.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook.dll.vir Win32/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook64.dll.vir Win64/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Svc.exe.vir probably a variant of Win32/24x7Help.B application
C:\Qoobox\Quarantine\C\Users\Bev\AppData\Roaming\dbu32.ocx.vir a variant of Win32/Kryptik.BIYS trojan

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496
Run by Bev at 15:21:58 on 2013-09-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2069 [GMT -7:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local 
Backup\Components\DSUpdate\DSUpd.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files (x86)\Sendori\SendoriUp.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\WUDFHost.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\wuauclt.exeC:\Windows\system32\notepad.exeC:\Windows\explorer.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Sendori\Sendori.Service.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} -BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllTB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dllTB: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - 
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllmRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exemRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exemRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"mRun: [searchProtection] C:\ProgramData\Search Protection\_run.batmRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-runmRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"mRun: [LWS] C:\Logitech\LWS\Webcam Software\LWS.exe -hidemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Logitech\Ereg\eReg.exeStartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXEStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exeuPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllTCP: NameServer = 192.168.12.1TCP: Interfaces\{37314881-E905-46E4-9DB0-64917E6345A1} : DHCPNameServer = 192.168.12.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dllHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft 
Office\Office14\URLREDIR.DLLx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_paid.html" "DEF" "DEF" "DEF"x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dllx64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dllx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - 
<orphaned>x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe.============= SERVICES / DRIVERS ===============.R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-3 14456]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-6 55856]R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-12 57976]R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-7 1236368]R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 701512]R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-6 1695040]R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-6-6 244440]R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-6-6 69392]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-6 317440]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-12 25928]R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]R3 RTL8167;Realtek 8167 NT 
Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-6 539240]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-6-6 267480]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456]S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856]S3 TsUsbGD;Remote Desktop Generic USB 
Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-09-02 20:24:13 -------- d-----w- C:\Program Files (x86)\ESET2013-09-02 20:09:49 -------- d-sh--w- C:\$RECYCLE.BIN2013-08-31 21:40:32 98816 ----a-w- C:\Windows\sed.exe2013-08-31 21:40:32 256000 ----a-w- C:\Windows\PEV.exe2013-08-31 21:40:32 208896 ----a-w- C:\Windows\MBR.exe2013-08-28 22:12:55 -------- d-----w- C:\FRST2013-08-28 20:05:06 -------- d-----w- C:\ProgramData\fsil2013-08-26 21:23:59 -------- d-----w- C:\JailhouseInn2013-08-26 17:25:35 -------- d-----w- C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0}2013-08-25 22:16:55 -------- d-----w- C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3}2013-08-25 22:15:54 -------- d-----w- C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252}2013-08-25 00:09:10 -------- d-----w- C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26}2013-08-23 18:36:19 -------- d-----w- C:\MasonCD2013-08-23 17:23:53 -------- d-----w- C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6}2013-08-23 01:31:07 -------- d-----w- C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED}2013-08-23 01:28:51 -------- d-----w- C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6}2013-08-23 01:28:09 -------- d-----w- C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504}2013-08-20 21:30:29 -------- d-----w- C:\MirandasPeople - Copy2013-08-19 21:41:59 -------- d-----w- C:\TitanicHistoricalSociety2013-08-18 19:19:10 -------- d-----w- C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C}2013-08-17 
23:18:01 -------- d-----w- C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436}2013-08-17 06:13:49 -------- d-----w- C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804}2013-08-15 21:21:17 -------- d-----w- C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA}2013-08-15 04:48:53 -------- d-----w- C:\EnerBankUSA2013-08-12 03:28:24 -------- d-----w- C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336}2013-08-09 00:18:25 -------- d-----w- C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384}2013-08-07 20:47:00 -------- d-----w- C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545}2013-08-06 19:39:45 -------- d-----w- C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D}2013-08-05 06:39:25 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL2013-08-05 06:38:46 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll2013-08-05 06:38:46 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-05 06:38:46 43520 ----a-w- C:\Windows\System32\csrsrv.dll2013-08-05 06:38:46 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-05 06:38:46 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-05 06:38:46 112640 ----a-w- C:\Windows\System32\smss.exe2013-08-05 06:37:54 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-08-05 06:37:54 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-08-05 01:40:07 -------- d-----w- C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01}2013-08-05 01:36:05 -------- d-----w- C:\VideosMason2013-08-03 23:46:19 -------- d-----w- C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA}.==================== Find3M ====================.2013-08-21 00:49:19 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys.============= FINISH: 15:22:30.30 =============== Share this post Link to post Share on other 
sites
blade81 3 Posted September 3, 2013

Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\programdata\fsil

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f0e59437-6148-4a98-b0a6-60d557ef57f4}"=-
[-HKEY_CLASSES_ROOT\clsid\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows, turn off protection software and referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).

Then post the resultant log.
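The script in the post above has a Folder:: section and a Registry:: section whose lines are written in .reg file syntax, where [-KEY] deletes a key with everything under it and "name"=- deletes a single value. The Python sketch below is an added example, not part of the original post or of ComboFix: it turns such a script into a list of planned deletions so it can be reviewed before it is run. The function names and the depth thresholds in risky() are assumptions.

```python
import re

# The CFScript from the post above, copied verbatim ("~" in the key path is as posted).
CFSCRIPT = r"""Folder::
c:\programdata\fsil

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f0e59437-6148-4a98-b0a6-60d557ef57f4}"=-
[-HKEY_CLASSES_ROOT\clsid\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")                  # e.g. "Folder::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                       # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)\s*=\s*(.*)$')  # "name"=data or @=data


def plan_actions(script):
    """Return a list of (operation, target, value_name) tuples, in script order."""
    actions = []
    section = None       # directive currently in effect
    current_key = None   # registry key that following value lines belong to
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section is None:
            raise ValueError(f"line {lineno}: content before any directive")
        if section == "folder":
            actions.append(("delete-folder", line, None))
        elif section == "registry":
            k = KEY_RE.match(line)
            if k:
                if k.group(1):   # leading "-" removes the key and all subkeys
                    actions.append(("delete-key", k.group(2), None))
                    current_key = None
                else:            # plain header: value lines that follow apply here
                    current_key = k.group(2)
                continue
            v = VALUE_RE.match(line)
            if v is None or current_key is None:
                raise ValueError(f"line {lineno}: not a key header or value line")
            name = v.group(1)
            name = name[1:-1] if name.startswith('"') else "@"
            op = "delete-value" if v.group(2) == "-" else "set-value"
            actions.append((op, current_key, name))
        else:
            # Directives this sketch does not model are surfaced, never skipped.
            actions.append(("unreviewed:" + section, line, None))
    return actions


def risky(actions):
    """Flag deletions that sit suspiciously close to a hive or drive root."""
    flagged = []
    for op, target, name in actions:
        depth = len([p for p in target.split("\\") if p])
        if (op == "delete-key" and depth < 3) or (op == "delete-folder" and depth < 3):
            flagged.append((op, target, name))
    return flagged


if __name__ == "__main__":
    for op, target, name in plan_actions(CFSCRIPT):
        print(f"{op:14} {target}" + (f"  value={name}" if name else ""))
    print("risky:", risky(plan_actions(CFSCRIPT)))
```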
Corbadda 0 Posted September 3, 2013 I ran ComboFix using the CFScript.txt as instructed. Here is the log as follows:
".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^#PãzzŸ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Q%HÛ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Q%HÛ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^XQ˜à]]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^XQ˜à]\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÀQILÃ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÀQILÃ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vRâf’Æ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vRâf’Æ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^2SºÂ&_]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^2SºÂ&_\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^uS¦¶°à]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^uS¦¶°à\OpenWithList]@Class
="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^T©È€]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^T©È€\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^yTßíØ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^yTßíØ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^yT_¯íØ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^yT_¯íØ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. jpg `^–T‡kÛ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. 
jpg `^–T‡kÛ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^U!Uê]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^U!Uê\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÙVF«hþ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÙVF«hþ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^gWd°â)]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^gWd°â)\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^wXÙ‚RÂ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^wXÙ‚RÂ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^wXY‡RÂ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^wXY‡RÂ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^‡YIÙS]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^‡YIÙS\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Fil
eExts\.*jpg*`^‡YJÙS]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^‡YJÙS\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^‘ZÜpÝJ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^‘ZÜpÝJ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Ì]¯Õ4]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Ì]¯Õ4\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^F^ÚA¯Ÿ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^F^ÚA¯Ÿ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^F^edž¤]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^F^edž¤\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. jpg `^I^òìÄ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. 
jpg `^I^òìÄ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^_ã‚Q]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^_ã‚Q\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^B_9¤ÆP]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^B_9¤ÆP\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^g_0q¥Ô]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^g_0q¥Ô\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^u_*æ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^u_*æ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Ï_©Ùw‘]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Ï_©Ùw‘\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^§`Ðúõ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^§`Ðúõ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExt
s\.*jpg*`^¨`B-<]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¨`B-<\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Raù\ö]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Raù\ö\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. jpg `^|aßÍ#]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. jpg `^|aßÍ#\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¾aw™ý½]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¾aw™ý½\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÆaûIu]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ÆaûIu\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Æa{Ku]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Æa{Ku\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^ùa‰ap]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`
^ùa‰ap\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^*b¯…ï]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^*b¯…ï\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Úb,¤çˆ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Úb,¤çˆ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^<cØyN—]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^<cØyN—\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^[cSQ—¯]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^[cSQ—¯\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¨cŒÍ<p]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^¨cŒÍ<p\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^]d-_]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^]d-_\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
\.*jpg*`^vdàÁtà]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vdàÁtà\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^!eðË=]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^!eðË=\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^]eê–]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^]eê–\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Þezù!"]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Þezù!"\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^*f–àPá]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^*f–àPá\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÑtE¥Ñt`^5WÂ%-™]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÑtE¥Ñt`^5WÂ%-™\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÑtE¥Ñt`^µcZœÅ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersio
n\Explorer\FileExts\.*jpg*E¥ÑtE¥Ñt`^µcZœÅ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ãtE¥ãt`^WeY9òü]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ãtE¥ãt`^WeY9òü\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥’uE¥’u`^ÿU¯NâŠ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥’uE¥’u`^ÿU¯NâŠ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥™uE¥™u`^že’•yâ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥™uE¥™u`^že’•yâ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥àuE¥àu`^ùe[a˜[]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥àuE¥àu`^ùe[a˜[\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^¨cŠ‘LÉ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^¨cŠ‘LÉ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^©cLÔ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^©cLÔ\OpenWithList
]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^©c› äâ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ëuE¥ëu`^©c› äâ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^VaV#]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^VaV#\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^2UrÝÂb]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^2UrÝÂb\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FvE¥Fv`^æ`œetE]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FvE¥Fv`^æ`œetE\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ivE¥iv`^Ž[•C]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ivE¥iv`^Ž[•C\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥svE¥sv`^ÐhÆô‹¥]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥svE¥sv`^ÐhÆô‹¥\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-19193212
15-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÿvE¥ÿv`^raÚeS]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÿvE¥ÿv`^raÚeS\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FwE¥Fw`^5bLо]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥FwE¥Fw`^5bLо\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^ŽU<Ü=]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^ŽU<Ü=\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ t`^‹Y8ýŸî]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯ t¨¯ 
t`^‹Y8ýŸî\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Øt¨¯Øt`^¯bØc]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Øt¨¯Øt`^¯bØc\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^Þ]3siþ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^Þ]3siþ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaoK3]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaoK3\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaÿT3]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaÿT3\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^|aX¨šx]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^|aX¨šx\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^]hwéÛ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^]hwéÛ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-
1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^²Tgmû²]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^²Tgmû²\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^–UØGE!]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^–UØGE!\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^zY§wŠy]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^zY§wŠy\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^ªYtÏ·]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^ªYtÏ·\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^–R…³c8]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^–R…³c8\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^,VĘæÁ]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^,VĘæÁ\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVers
ion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^…^‹öv]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^…^‹öv\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯šu¨¯šu`^Z^³ìL]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯šu¨¯šu`^Z^³ìL\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯¡u¨¯¡u`^Šj`eÚ²]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯¡u¨¯¡u`^Šj`eÚ²\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^_ˆIÄ‹]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^_ˆIÄ‹\OpenWithList]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^Ea²àX]@Class="Shell".[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^Ea²àX\OpenWithList]@Class="Shell".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft 
Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-09-03 00:28:03ComboFix-quarantined-files.txt 2013-09-03 07:28ComboFix2.txt 2013-09-02 20:09ComboFix3.txt 2013-08-31 22:03.Pre-Run: 38,104,883,200 bytes freePost-Run: 38,204,203,008 bytes free.- - End Of File - - 5B9A1F51935223AA03192019D9D3AED95C616939100B85E558DA92B899A0FC36 Share this post Link to post Share on other sites
blade81 Posted September 4, 2013
Hi,
How's the system running now?
Corbadda Posted September 4, 2013
Hi Blade81! I had been avoiding using the system until you gave me the go-ahead. After using it for a while today everything seems to be running normally with no problems or errors. Thank you for all your help in getting rid of this nasty virus! I have always been able to rely on the experts here! Is there anything further that needs to be addressed? Or should I begin making sure all the programs are up to date?
blade81 Posted September 6, 2013
Good. Let's see the final steps then.

THESE STEPS ARE VERY IMPORTANT

Let's reset System Restore

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection.
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but on step 7 select the "Restore system settings and previous versions of files" option.

Now let's uninstall ComboFix:
Click START then RUN.
Now copy-paste Combofix /uninstall in the runbox and click OK.

Just a final reminder for you. I am trying to stress these two points.

UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade
Corbadda Posted September 6, 2013
I reset system restore and uninstalled Combofix as instructed. The computer continues to run normally without any problems. Thank you again for all your help! I have already begun making sure everything is up to date and using Windows Update. Since this is my mother's computer I lectured her on the importance of keeping it updated, lol. Thanks again and you have a great day as well, Blade!
blade81 Posted September 9, 2013
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue. Everyone else please begin a New Topic. Thank you!