Corbadda

"FBI Cybercrime" Ransom Virus


It appears that one of my home computers has been hijacked by a virus. After Windows starts up, a screen appears claiming to have something to do with the "FBI" and "Cybercrime Division", stating something about sending money or facing criminal arrest. This same screen appears even after booting into Safe Mode, making it impossible to access any programs and files. It appears the computer became infected after opening an infected email. The computer runs Windows 7 and was using the newest version of Ad-Aware 10.

What would be the first step to getting rid of this thing? This has to be the most serious virus I have ever encountered!


Hi,

  • For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 


Hello Blade81,

I followed your instructions and successfully ran Farbar Recovery Scan Tool x64. Here is the log file as follows:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 28-08-2013 23:57:16
Running from J:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1139992 2011-05-20] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2011-05-20] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [328400 2011-05-20] (Trend Micro Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616 2008-04-17] (ArcSoft Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-11-16] (Lavasoft)
HKLM-x32\...\Run: [searchProtection] - C:\ProgramData\Search Protection\_run.bat [141 2012-12-13] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\Bev\...\Winlogon: [shell] C:\Users\Bev\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
Startup: C:\Users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk
ShortcutTarget: Epson scanner Registration.lnk -> (No File)
Startup: C:\Users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [394392 2012-09-18] (PCRx.com, LLC)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [102712 2008-04-17] (ArcSoft Inc.)
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-12-07] (Lavasoft Limited)
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia)
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [244440 2011-05-20] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-13] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-28 12:48 - 2013-08-28 22:45 - 00003588 _____ C:\Windows\PFRO.log
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe
2013-08-28 12:05 - 2013-08-28 12:08 - 00000000 ____D C:\ProgramData\fsil
2013-08-28 08:45 - 2013-08-28 12:02 - 00000168 _____ C:\Windows\setupact.log
2013-08-28 08:45 - 2013-08-28 08:45 - 00000000 _____ C:\Windows\setuperr.log
2013-08-26 13:23 - 2013-08-26 13:23 - 00000000 ____D C:\JailhouseInn
2013-08-26 09:25 - 2013-08-26 09:25 - 00000000 ____D C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0}
2013-08-25 14:16 - 2013-08-25 14:17 - 00000000 ____D C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3}
2013-08-25 14:15 - 2013-08-25 14:15 - 00000000 ____D C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252}
2013-08-25 10:49 - 2013-08-25 22:43 - 00000000 ____D C:\Users\Bev\Documents\FamilyHistoryToInput
2013-08-24 16:09 - 2013-08-24 16:09 - 00000000 ____D C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26}
2013-08-23 10:36 - 2013-08-23 10:36 - 00000000 ____D C:\MasonCD
2013-08-23 09:23 - 2013-08-23 09:24 - 00000000 ____D C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6}
2013-08-22 17:31 - 2013-08-22 17:31 - 00000000 ____D C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED}
2013-08-22 17:28 - 2013-08-22 17:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6}
2013-08-22 17:28 - 2013-08-22 17:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504}
2013-08-20 13:30 - 2013-08-20 13:31 - 00000000 ____D C:\MirandasPeople - Copy
2013-08-19 13:41 - 2013-08-19 13:42 - 00000000 ____D C:\TitanicHistoricalSociety
2013-08-18 21:46 - 2013-08-18 21:58 - 00000000 ____D C:\Users\Bev\Downloads\2013Aug18FILEthese
2013-08-18 11:19 - 2013-08-18 11:19 - 00000000 ____D C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C}
2013-08-17 15:18 - 2013-08-17 15:18 - 00000000 ____D C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436}
2013-08-16 22:13 - 2013-08-16 22:13 - 00000000 ____D C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804}
2013-08-15 13:21 - 2013-08-15 13:21 - 00000000 ____D C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA}
2013-08-14 20:48 - 2013-08-15 11:55 - 00000000 ____D C:\EnerBankUSA
2013-08-11 19:28 - 2013-08-11 19:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336}
2013-08-11 15:30 - 2005-02-11 11:03 - 00230454 _____ C:\Users\Bev\Downloads\charlescamilla.bmp
2013-08-10 21:39 - 2013-08-10 21:39 - 00000000 ____D C:\Users\Bev\Downloads\RogerCindy
2013-08-08 16:18 - 2013-08-08 16:18 - 00000000 ____D C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384}
2013-08-07 12:47 - 2013-08-07 12:47 - 00000000 ____D C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545}
2013-08-06 11:39 - 2013-08-06 11:39 - 00000000 ____D C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D}
2013-08-04 22:48 - 2013-05-28 22:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-04 22:48 - 2013-05-28 21:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-04 22:48 - 2013-05-28 21:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-04 22:48 - 2013-05-28 21:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-04 22:48 - 2013-05-28 21:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-04 22:48 - 2013-05-28 21:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-08-04 22:48 - 2013-05-28 21:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-08-04 22:48 - 2013-05-28 21:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-04 22:48 - 2013-05-28 21:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-04 22:48 - 2013-05-28 21:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-08-04 22:48 - 2013-05-28 21:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-08-04 22:48 - 2013-05-28 21:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-04 22:48 - 2013-05-28 21:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-04 22:48 - 2013-05-28 21:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-04 22:48 - 2013-05-28 21:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-08-04 22:48 - 2013-05-28 21:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-04 22:48 - 2013-05-28 17:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-04 22:48 - 2013-05-28 17:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-04 22:48 - 2013-05-28 17:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-04 22:48 - 2013-05-28 17:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-04 22:48 - 2013-05-28 17:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-04 22:48 - 2013-05-28 17:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-04 22:48 - 2013-05-28 17:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-04 22:48 - 2013-05-28 17:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-04 22:48 - 2013-05-28 17:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-04 22:48 - 2013-05-28 17:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-04 22:48 - 2013-05-28 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-04 22:48 - 2013-05-28 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-04 22:48 - 2013-05-28 17:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-04 22:48 - 2013-05-28 17:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-04 22:48 - 2013-05-28 17:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-04 22:48 - 2013-05-28 17:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-04 22:40 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-08-04 22:40 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-08-04 22:40 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-04 22:40 - 2013-05-12 21:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-04 22:40 - 2013-05-12 21:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-04 22:40 - 2013-05-12 21:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-04 22:40 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-08-04 22:40 - 2013-05-12 20:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-04 22:40 - 2013-05-12 20:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-04 22:40 - 2013-05-12 20:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-04 22:40 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-08-04 22:40 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-08-04 22:40 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-08-04 22:40 - 2013-05-07 22:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-04 22:40 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-08-04 22:40 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-04 22:40 - 2013-04-09 22:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-08-04 22:40 - 2013-04-09 22:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-08-04 22:40 - 2013-02-26 22:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-08-04 22:40 - 2013-02-26 21:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-08-04 22:40 - 2013-02-26 21:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-08-04 22:40 - 2013-02-26 21:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-08-04 22:40 - 2013-02-26 21:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-08-04 22:40 - 2013-02-26 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-08-04 22:40 - 2013-02-26 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-04 22:40 - 2013-02-26 20:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-08-04 22:40 - 2011-02-03 03:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-08-04 22:39 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-04 22:39 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-04 22:39 - 2013-04-12 06:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-08-04 22:38 - 2013-03-18 22:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-04 22:38 - 2013-03-18 21:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-08-04 22:38 - 2013-03-18 21:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-04 22:38 - 2013-03-18 21:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-04 22:38 - 2013-03-18 20:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-08-04 22:38 - 2013-03-18 19:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-08-04 22:37 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-04 22:37 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-08-04 17:40 - 2013-08-04 17:40 - 00000000 ____D C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01}
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\VideosMason
2013-08-03 15:46 - 2013-08-03 15:46 - 00000000 ____D C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA}
2013-08-02 15:47 - 2013-08-02 15:49 - 00000000 ____D C:\0001
2013-08-02 15:39 - 2013-08-02 15:39 - 00000000 ____D C:\Users\Bev\Downloads\001
2013-08-01 13:35 - 2013-08-01 13:35 - 00000000 ____D C:\Users\Bev\AppData\Local\{00BB0257-C342-46A2-919B-8B2C2B6F4698}
2013-08-01 11:57 - 2013-08-05 16:24 - 00000000 ____D C:\Insurance
2013-08-01 11:27 - 2013-08-01 11:28 - 00000000 ____D C:\StateFarmInsurance
2013-07-30 11:27 - 2013-07-30 11:27 - 00000000 ____D C:\Users\Bev\AppData\Local\{F86EBFB9-9794-4D9E-A505-30DF8F3FF882}

==================== One Month Modified Files and Folders =======

2013-08-28 22:45 - 2013-08-28 12:48 - 00003588 _____ C:\Windows\PFRO.log
2013-08-28 14:12 - 2013-08-28 14:12 - 00000000 ____D C:\FRST
2013-08-28 12:38 - 2012-06-22 12:58 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 12:38 - 2012-06-06 18:18 - 01715083 _____ C:\Windows\WindowsUpdate.log
2013-08-28 12:13 - 2009-07-13 20:45 - 00021312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 12:13 - 2009-07-13 20:45 - 00021312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe
2013-08-28 12:08 - 2013-08-28 12:05 - 00000000 ____D C:\ProgramData\fsil
2013-08-28 12:04 - 2013-02-16 16:11 - 00000000 ____D C:\ProgramData\Sendori
2013-08-28 12:04 - 2012-06-17 11:31 - 00000000 ____D C:\Users\Bev\Documents\Outlook Files
2013-08-28 12:03 - 2012-11-12 13:28 - 00001870 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-08-28 12:03 - 2012-11-12 13:28 - 00001870 _____ C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2013-08-28 12:03 - 2012-06-22 12:58 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 12:03 - 2012-06-06 16:59 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-28 12:03 - 2012-06-06 16:59 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-28 12:03 - 2012-06-06 16:37 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-28 12:02 - 2013-08-28 08:45 - 00000168 _____ C:\Windows\setupact.log
2013-08-28 12:02 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 10:49 - 2012-06-06 16:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-28 08:45 - 2013-08-28 08:45 - 00000000 _____ C:\Windows\setuperr.log
2013-08-27 12:11 - 2013-05-21 09:24 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-08-26 23:24 - 2012-06-22 13:54 - 00000000 ___SD C:\WCHSBPA
2013-08-26 15:18 - 2012-08-04 09:10 - 00000000 ____D C:\Health
2013-08-26 15:17 - 2012-06-17 22:35 - 00000000 ____D C:\users\Bev
2013-08-26 14:05 - 2012-06-26 22:22 - 00000000 ____D C:\MirandasPeople
2013-08-26 13:23 - 2013-08-26 13:23 - 00000000 ____D C:\JailhouseInn
2013-08-26 11:15 - 2012-06-18 15:19 - 00000000 ____D C:\Family Tree Maker
2013-08-26 09:25 - 2013-08-26 09:25 - 00000000 ____D C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0}
2013-08-26 08:48 - 2013-04-19 09:42 - 00000000 ____D C:\Users\Bev\Downloads\Dogs
2013-08-26 08:15 - 2009-07-13 21:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-25 22:43 - 2013-08-25 10:49 - 00000000 ____D C:\Users\Bev\Documents\FamilyHistoryToInput
2013-08-25 14:17 - 2013-08-25 14:16 - 00000000 ____D C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3}
2013-08-25 14:16 - 2012-06-22 19:29 - 00000000 ____D C:\FamilyStuff
2013-08-25 14:15 - 2013-08-25 14:15 - 00000000 ____D C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252}
2013-08-25 14:06 - 2012-06-17 22:38 - 00000000 ____D C:\Users\Bev\AppData\Local\VirtualStore
2013-08-25 12:08 - 2013-06-02 08:43 - 00000000 ____D C:\Users\Bev\Downloads\CoolStuff
2013-08-24 16:09 - 2013-08-24 16:09 - 00000000 ____D C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26}
2013-08-23 19:43 - 2013-02-18 15:02 - 00000000 ____D C:\Users\Bev\Downloads\HouseIdeas
2013-08-23 10:43 - 2012-08-07 12:27 - 00000000 ____D C:\Facebook
2013-08-23 10:36 - 2013-08-23 10:36 - 00000000 ____D C:\MasonCD
2013-08-23 10:24 - 2012-09-20 13:32 - 00000000 ____D C:\Mason
2013-08-23 09:24 - 2013-08-23 09:23 - 00000000 ____D C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6}
2013-08-22 22:10 - 2013-02-16 16:15 - 00000000 ____D C:\Users\Bev\AppData\Roaming\Skype
2013-08-22 17:31 - 2013-08-22 17:31 - 00000000 ____D C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED}
2013-08-22 17:28 - 2013-08-22 17:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6}
2013-08-22 17:28 - 2013-08-22 17:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504}
2013-08-22 13:15 - 2009-07-13 21:13 - 00794642 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-22 06:06 - 2013-02-16 16:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-20 16:49 - 2013-02-26 15:49 - 17139080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-20 16:49 - 2012-06-06 16:24 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 16:49 - 2012-06-06 16:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 16:49 - 2012-06-06 16:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 16:04 - 2013-05-22 21:41 - 00000000 ____D C:\Users\Bev\Downloads\Health
2013-08-20 13:31 - 2013-08-20 13:30 - 00000000 ____D C:\MirandasPeople - Copy
2013-08-19 13:42 - 2013-08-19 13:41 - 00000000 ____D C:\TitanicHistoricalSociety
2013-08-18 21:58 - 2013-08-18 21:46 - 00000000 ____D C:\Users\Bev\Downloads\2013Aug18FILEthese
2013-08-18 13:43 - 2013-03-19 21:54 - 00000000 ____D C:\Users\Bev\Downloads\Receipts
2013-08-18 13:42 - 2012-08-18 17:20 - 00000000 ____D C:\ClipArtOldOffice
2013-08-18 11:19 - 2013-08-18 11:19 - 00000000 ____D C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C}
2013-08-18 11:16 - 2012-11-26 14:45 - 00000000 ____D C:\Scans
2013-08-18 11:15 - 2012-06-24 15:03 - 00010882 _____ C:\Users\Bev\Sti_Trace.log
2013-08-17 15:18 - 2013-08-17 15:18 - 00000000 ____D C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436}
2013-08-16 22:13 - 2013-08-16 22:13 - 00000000 ____D C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804}
2013-08-16 15:45 - 2013-05-15 14:33 - 00000000 ____D C:\Users\Bev\Downloads\1314
2013-08-15 13:21 - 2013-08-15 13:21 - 00000000 ____D C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA}
2013-08-15 11:55 - 2013-08-14 20:48 - 00000000 ____D C:\EnerBankUSA
2013-08-15 10:15 - 2012-07-01 14:33 - 00000000 ____D C:\Dogs
2013-08-14 22:12 - 2013-05-21 10:14 - 00000000 ____D C:\MirandasPeopleLOGO
2013-08-11 22:54 - 2013-02-16 16:10 - 00000000 ____D C:\Program Files (x86)\WhiteSmoke_B
2013-08-11 19:28 - 2013-08-11 19:28 - 00000000 ____D C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336}
2013-08-11 17:14 - 2013-02-16 16:10 - 00000000 ____D C:\Users\Bev\AppData\Roaming\SearchProtect
2013-08-11 17:14 - 2013-02-16 16:10 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-08-10 21:39 - 2013-08-10 21:39 - 00000000 ____D C:\Users\Bev\Downloads\RogerCindy
2013-08-08 16:18 - 2013-08-08 16:18 - 00000000 ____D C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384}
2013-08-07 21:18 - 2012-07-06 20:08 - 00000000 ____D C:\Users\Bev\AppData\Local\CrashDumps
2013-08-07 15:44 - 2013-05-23 11:29 - 00000000 ___SD C:\TeamESI
2013-08-07 12:47 - 2013-08-07 12:47 - 00000000 ____D C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545}
2013-08-07 11:59 - 2013-06-18 23:19 - 00000000 ____D C:\Users\Bev\Downloads\2013June19
2013-08-07 11:58 - 2013-04-24 11:38 - 00000000 ____D C:\Users\Bev\Downloads\Berra
2013-08-06 22:12 - 2013-06-07 06:23 - 00000000 ____D C:\Users\Bev\Documents\Diary
2013-08-06 12:29 - 2013-02-18 00:13 - 00039888 _____ C:\Windows\System32\lvcoinst.log
2013-08-06 11:39 - 2013-08-06 11:39 - 00000000 ____D C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D}
2013-08-05 16:24 - 2013-08-01 11:57 - 00000000 ____D C:\Insurance
2013-08-05 07:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-05 05:12 - 2012-06-17 22:38 - 00000000 ___RD C:\Users\Bev\Virtual Machines
2013-08-05 05:11 - 2009-07-13 20:45 - 00731768 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-05 05:10 - 2013-03-13 23:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-05 05:10 - 2013-03-13 23:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-04 23:10 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-04 23:10 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-04 23:10 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-04 22:53 - 2012-06-17 10:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-04 17:40 - 2013-08-04 17:40 - 00000000 ____D C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01}
2013-08-04 17:36 - 2013-08-04 17:36 - 00000000 ____D C:\VideosMason
2013-08-03 15:46 - 2013-08-03 15:46 - 00000000 ____D C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA}
2013-08-02 15:49 - 2013-08-02 15:47 - 00000000 ____D C:\0001
2013-08-02 15:39 - 2013-08-02 15:39 - 00000000 ____D C:\Users\Bev\Downloads\001
2013-08-02 11:49 - 2012-06-22 21:44 - 00000000 ____D C:\AncestryStuff
2013-08-01 13:35 - 2013-08-01 13:35 - 00000000 ____D C:\Users\Bev\AppData\Local\{00BB0257-C342-46A2-919B-8B2C2B6F4698}
2013-08-01 11:28 - 2013-08-01 11:27 - 00000000 ____D C:\StateFarmInsurance
2013-08-01 08:38 - 2013-04-25 19:41 - 00000000 ____D C:\Users\Bev\Downloads\MiscStuff
2013-07-30 17:05 - 2012-07-21 19:09 - 00000000 ____D C:\Addresses
2013-07-30 11:27 - 2013-07-30 11:27 - 00000000 ____D C:\Users\Bev\AppData\Local\{F86EBFB9-9794-4D9E-A505-30DF8F3FF882}
2013-07-29 09:17 - 2012-08-19 16:12 - 00000000 ____D C:\Pending

Files to move or delete:
====================
C:\ProgramData\edrsytb.exe
C:\ProgramData\fyldo.exe
C:\ProgramData\ghbtls.exe
C:\ProgramData\ivgq.exe
C:\ProgramData\mdfjbha.exe
C:\ProgramData\pfwd.exe
C:\ProgramData\qcovne.exe
C:\ProgramData\qgmt.exe
C:\ProgramData\tpuge.exe
C:\ProgramData\vtaq.exe
C:\ProgramData\wobomg.exe
C:\ProgramData\xtid.exe
C:\ProgramData\yowfl.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-31 14:55:23
Restore point made on: 2013-08-04 22:41:36
Restore point made on: 2013-08-12 15:19:50
Restore point made on: 2013-08-20 12:44:26
Restore point made on: 2013-08-28 10:30:25

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4008.63 MB
Available physical RAM: 3392.23 MB
Total Pagefile: 4006.83 MB
Available Pagefile: 3391.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:441.57 GB) (Free:34.89 GB) NTFS
Drive h: (RECOVERY) (Fixed) (Total:24.15 GB) (Free:16.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: () (Removable) (Total:7.44 GB) (Free:7.43 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 60721A77)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=442 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 5FE8FA8E)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

LastRegBack: 2013-08-22 07:22

==================== End Of Log ============================


Hi,


Important warning: If the system boots after the fix, don't run any scan or cleaning tool, or you may lose some important functions. Please wait for the next instruction.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

HKU\Bev\...\Winlogon: [Shell] C:\Users\Bev\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart and let the computer boot normally and tell me how it went. I'll provide the next set of instructions after that.

 

 


I followed your instructions and ran FRST. I then booted the computer normally and it appeared to boot up without any problems. The desktop remained and no strange screens appeared.

 

Here is the log from FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
Ran by SYSTEM at 2013-08-30 12:00:02 Run:1
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Bev\...\Winlogon: [shell] C:\Users\Bev\AppData\Roaming\dbu32.ocx,explorer.exe <==== ATTENTION
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\yowfl.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\xtid.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\wobomg.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\vtaq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\tpuge.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qgmt.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\qcovne.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\pfwd.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\mdfjbha.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ivgq.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\ghbtls.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\fyldo.exe
2013-08-28 12:08 - 2013-08-28 12:08 - 00207360 _____ C:\ProgramData\edrsytb.exe
*****************

HKU\Bev\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\ProgramData\yowfl.exe => Moved successfully.
C:\ProgramData\xtid.exe => Moved successfully.
C:\ProgramData\wobomg.exe => Moved successfully.
C:\ProgramData\vtaq.exe => Moved successfully.
C:\ProgramData\tpuge.exe => Moved successfully.
C:\ProgramData\qgmt.exe => Moved successfully.
C:\ProgramData\qcovne.exe => Moved successfully.
C:\ProgramData\pfwd.exe => Moved successfully.
C:\ProgramData\mdfjbha.exe => Moved successfully.
C:\ProgramData\ivgq.exe => Moved successfully.
C:\ProgramData\ghbtls.exe => Moved successfully.
C:\ProgramData\fyldo.exe => Moved successfully.
C:\ProgramData\edrsytb.exe => Moved successfully.

==== End of Fixlog ====


Good. Let's continue :)

 

 

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker (disabling your antivirus protection should be enough), and then double-click the DDS file to run the tool.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt

Save both reports to your desktop. Include the contents of those reports in your post. Please do not zip Attach.txt even if the message box says that.

 


Thanks for all the help! :)

 

I downloaded and ran DDS as instructed. Here are the log files as follows:

 

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496
Run by Bev at 3:23:25 on 2013-08-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2113 [GMT -7:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\24x7Help\App24x7Svc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
uURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
mURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
mWinlogon: Userinit = userinit.exe,
BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
TB: WhiteSmoke B Toolbar: {F0E59437-6148-4A98-B0A6-60D557EF57F4} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [LWS] C:\Logitech\LWS\Webcam Software\LWS.exe -hide
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONS~1.LNK - D:\Common\EpsonReg\V30\Ereg.exe
StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Logitech\Ereg\eReg.exe
StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Windows\System32\Sendori.dll


TCP: NameServer = 192.168.12.1
TCP: Interfaces\{37314881-E905-46E4-9DB0-64917E6345A1} : DHCPNameServer = 192.168.12.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_paid.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-3 14456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-6 55856]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-12 57976]
R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2013-2-16 394392]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-7 1236368]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 701512]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-6 1695040]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-6-6 244440]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-6-6 69392]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-6 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-12 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-6 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-6-6 267480]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-28 22:12:55 -------- d-----w- C:\FRST
2013-08-28 20:05:06 -------- d-----w- C:\ProgramData\fsil
2013-08-26 21:23:59 -------- d-----w- C:\JailhouseInn
2013-08-26 17:25:35 -------- d-----w- C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0}
2013-08-25 22:16:55 -------- d-----w- C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3}
2013-08-25 22:15:54 -------- d-----w- C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252}
2013-08-25 00:09:10 -------- d-----w- C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26}
2013-08-23 18:36:19 -------- d-----w- C:\MasonCD
2013-08-23 17:23:53 -------- d-----w- C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6}
2013-08-23 01:31:07 -------- d-----w- C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED}
2013-08-23 01:28:51 -------- d-----w- C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6}
2013-08-23 01:28:09 -------- d-----w- C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504}
2013-08-20 21:30:29 -------- d-----w- C:\MirandasPeople - Copy
2013-08-19 21:41:59 -------- d-----w- C:\TitanicHistoricalSociety
2013-08-18 19:19:10 -------- d-----w- C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C}
2013-08-17 23:18:01 -------- d-----w- C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436}
2013-08-17 06:13:49 -------- d-----w- C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804}
2013-08-15 21:21:17 -------- d-----w- C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA}
2013-08-15 04:48:53 -------- d-----w- C:\EnerBankUSA
2013-08-12 03:28:24 -------- d-----w- C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336}
2013-08-09 00:18:25 -------- d-----w- C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384}
2013-08-07 20:47:00 -------- d-----w- C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545}
2013-08-06 19:39:45 -------- d-----w- C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D}
2013-08-05 06:39:25 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-05 06:38:46 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-08-05 06:38:46 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-05 06:38:46 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-08-05 06:38:46 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-05 06:38:46 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-05 06:38:46 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-05 06:37:54 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-05 06:37:54 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-05 01:40:07 -------- d-----w- C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01}
2013-08-05 01:36:05 -------- d-----w- C:\VideosMason
2013-08-03 23:46:19 -------- d-----w- C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA}
2013-08-02 23:47:32 -------- d-----w- C:\0001
2013-08-01 21:35:33 -------- d-----w- C:\Users\Bev\AppData\Local\{00BB0257-C342-46A2-919B-8B2C2B6F4698}
2013-08-01 19:57:57 -------- d-----w- C:\Insurance
2013-08-01 19:27:54 -------- d-----w- C:\StateFarmInsurance
.
==================== Find3M ====================
.
2013-08-21 00:49:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 00:49:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 00:49:19 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 3:23:47.45 ===============

 

 

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/17/2012 11:35:23 PM
System Uptime: 8/30/2013 12:04:22 PM (15 hours ago)
.
Motherboard: Dell Inc. | | 0GDG8Y
Processor: Intel® Core i5-2400 CPU @ 3.10GHz | CPU 1 | 1581/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 34.634 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP118: 7/31/2013 3:55:11 PM - Scheduled Checkpoint
RP119: 8/4/2013 11:41:24 PM - Windows Update
RP120: 8/12/2013 4:19:38 PM - Scheduled Checkpoint
RP121: 8/20/2013 1:44:14 PM - Scheduled Checkpoint
RP122: 8/28/2013 11:30:16 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
24x7 Help
ABBYY FineReader 6.0 Sprint
Accidental Damage Services Agreement
Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Ask Toolbar
Banctec Service Agreement
Bing Bar
Bonjour
CameraHelperMsi
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.0
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Catalina Savings Printer
CCleaner
Complete Care Business Service Agreement
Conexant HD Audio
Consumer In-Home Service Agreement
Corel PaintShop Pro X4
Corel Uninstaller
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Home Systems Service Agreement
DesignPro 5
DirectX 9 Runtime
Epson Copy Utility 3.5
Epson Event Manager
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Scan
erLT
Family Tree Maker 2010
Google Toolbar for Internet Explorer
Google Update Helper
ICA
Intel® Processor Graphics
Internet Explorer (Enable DEP)
IPM_PSP_COM
iTunes
Junk Mail filter update
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft FrontPage 2002
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Publisher 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Store Download Manager
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
My Dell
PhotoShowExpress
PSPPContent
PSPPHelp
PSPPro64
QualxServ Service Agreement
RBVirtualFolder64Inst
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Secunia PSI (2.0.0.4003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sendori
Setup
Skype Click to Call
Skype™ 6.6
Sonic CinePlayer Decoder Pack
Trend Micro Titanium Internet Security
Unfriend Checker
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WhiteSmoke B Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
8/31/2013 12:09:56 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/30/2013 12:07:37 PM, Error: Service Control Manager [7034] - The sndappv2 service terminated unexpectedly. It has done this 1 time(s).
8/30/2013 12:07:36 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.
8/28/2013 11:50:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2013 11:46:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/28/2013 11:46:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/28/2013 11:46:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
8/28/2013 11:46:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/28/2013 11:46:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/28/2013 11:46:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/28/2013 11:46:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/28/2013 11:45:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/28/2013 11:45:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi vpcnfltr vpcvmm Wanarpv6 WfpLwf ws2ifsl
8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2013 11:45:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2013 11:45:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2013 1:49:59 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2013 1:48:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2013 1:48:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi vpcvmm Wanarpv6
8/28/2013 1:27:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
8/27/2013 6:30:04 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/27/2013 6:30:04 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/26/2013 3:10:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Bev7\Bev SID (S-1-5-21-776842778-1022910293-1919321215-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/26/2013 3:10:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Bev7\Bev SID (S-1-5-21-776842778-1022910293-1919321215-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/26/2013 3:10:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Bev7\Bev SID (S-1-5-21-776842778-1022910293-1919321215-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


Hi,


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

I ran ComboFix and then reran DDS as instructed. Here are the log files as follows:

C:\ComboFix.txt

ComboFix 13-08-31.01 - Bev 08/31/2013 14:41:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2533 [GMT -7:00]
Running from: c:\users\Bev\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\24x7Help
c:\program files (x86)\24x7Help\App24x7Help.exe
c:\program files (x86)\24x7Help\App24x7Hook.dll
c:\program files (x86)\24x7Help\App24x7Hook.exe
c:\program files (x86)\24x7Help\App24x7Hook64.dll
c:\program files (x86)\24x7Help\App24x7Hook64.exe
c:\program files (x86)\24x7Help\App24x7Svc.exe
c:\program files (x86)\24x7Help\Cfg24x7.exe
c:\program files (x86)\24x7Help\unins000.dat
c:\program files (x86)\24x7Help\unins000.exe
c:\program files (x86)\24x7Help\unins000.msg
c:\program files (x86)\Unfriend Checker\uc.Dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\24x7 Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\24x7Help.org.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\Uninstall 24x7 Help.lnk
c:\programdata\PCDr\6280\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll
c:\programdata\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll
c:\programdata\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll
c:\programdata\PCDr\6280\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll
c:\programdata\PCDr\6280\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dll
c:\programdata\PCDr\6280\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll
c:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll
c:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll
c:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll
c:\programdata\PCDr\6280\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dll
c:\users\Bev\AppData\Roaming\dbu32.ocx
c:\users\Bev\AppData\Roaming\SearchProtect
c:\users\Bev\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\Public\Desktop\24x7 Help.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_24x7HelpSvc
-------\Service_24x7HelpSvc
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-31 )))))))))))))))))))))))))))))))
.
.
2013-08-31 21:51 . 2013-08-31 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-28 22:12 . 2013-08-28 22:12 -------- d-----w- C:\FRST
2013-08-28 20:05 . 2013-08-28 20:08 -------- d-----w- c:\programdata\fsil
2013-08-26 21:23 . 2013-08-26 21:23 -------- d-----w- C:\JailhouseInn
2013-08-23 18:36 . 2013-08-23 18:36 -------- d-----w- C:\MasonCD
2013-08-20 21:30 . 2013-08-20 21:31 -------- d-----w- C:\MirandasPeople - Copy
2013-08-19 21:41 . 2013-08-19 21:42 -------- d-----w- C:\TitanicHistoricalSociety
2013-08-15 04:48 . 2013-08-15 19:55 -------- d-----w- C:\EnerBankUSA
2013-08-05 06:40 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-08-05 06:39 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-08-05 06:38 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-05 06:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-05 06:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-05 06:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-05 06:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-05 06:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-05 01:36 . 2013-08-05 01:36 -------- d-----w- C:\VideosMason
2013-08-02 23:47 . 2013-08-02 23:49 -------- d-----w- C:\0001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 00:49 . 2012-06-07 00:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 00:49 . 2012-06-07 00:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 00:49 . 2013-02-26 23:49 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-07-01 16:49 . 2013-02-17 00:11 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-12-13 141]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"LWS"="c:\logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
.
c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 00:49]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-05-21 1139992]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-05-21 328400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.12.1


.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f0e59437-6148-4a98-b0a6-60d557ef57f4} - c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll
BHO-{09942569-D515-42BE-9F5A-A439B20F91AB} - c:\program files (x86)\Unfriend Checker\uc.dll
BHO-{f0e59437-6148-4a98-b0a6-60d557ef57f4} - c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll
Toolbar-Locked - (no file)
Toolbar-{f0e59437-6148-4a98-b0a6-60d557ef57f4} - c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk - d:\common\EpsonReg\V30\Ereg.exe /remind /language=ENU /PRNM="00873"
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{F0E59437-6148-4A98-B0A6-60D557EF57F4} - (no file)
AddRemove-{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 - c:\program files (x86)\24x7Help\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Sendori\SendoriUp.exe
.
**************************************************************************
.
Completion time: 2013-08-31 15:03:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-31 22:03
.
Pre-Run: 36,610,011,136 bytes free
Post-Run: 36,249,509,888 bytes free
.
- - End Of File - - 5114B074F6D07EFC8EA7F371C4D94C5E
5C616939100B85E558DA92B899A0FC36

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496
Run by Bev at 15:04:53 on 2013-08-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2626 [GMT -7:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [LWS] C:\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Logitech\Ereg\eReg.exe
StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll


TCP: NameServer = 192.168.12.1
TCP: Interfaces\{37314881-E905-46E4-9DB0-64917E6345A1} : DHCPNameServer = 192.168.12.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_paid.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-3 14456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-6 55856]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-12 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-7 1236368]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 701512]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-6 1695040]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-6-6 244440]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-6-6 69392]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-6 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-12 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-6 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-6-6 267480]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-31 21:54:05 -------- d-----w- C:\$RECYCLE.BIN
2013-08-31 21:40:32 98816 ----a-w- C:\Windows\sed.exe
2013-08-31 21:40:32 256000 ----a-w- C:\Windows\PEV.exe
2013-08-31 21:40:32 208896 ----a-w- C:\Windows\MBR.exe
2013-08-28 22:12:55 -------- d-----w- C:\FRST
2013-08-28 20:05:06 -------- d-----w- C:\ProgramData\fsil
2013-08-26 21:23:59 -------- d-----w- C:\JailhouseInn
2013-08-26 17:25:35 -------- d-----w- C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0}
2013-08-25 22:16:55 -------- d-----w- C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3}
2013-08-25 22:15:54 -------- d-----w- C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252}
2013-08-25 00:09:10 -------- d-----w- C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26}
2013-08-23 18:36:19 -------- d-----w- C:\MasonCD
2013-08-23 17:23:53 -------- d-----w- C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6}
2013-08-23 01:31:07 -------- d-----w- C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED}
2013-08-23 01:28:51 -------- d-----w- C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6}
2013-08-23 01:28:09 -------- d-----w- C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504}
2013-08-20 21:30:29 -------- d-----w- C:\MirandasPeople - Copy
2013-08-19 21:41:59 -------- d-----w- C:\TitanicHistoricalSociety
2013-08-18 19:19:10 -------- d-----w- C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C}
2013-08-17 23:18:01 -------- d-----w- C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436}
2013-08-17 06:13:49 -------- d-----w- C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804}
2013-08-15 21:21:17 -------- d-----w- C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA}
2013-08-15 04:48:53 -------- d-----w- C:\EnerBankUSA
2013-08-12 03:28:24 -------- d-----w- C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336}
2013-08-09 00:18:25 -------- d-----w- C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384}
2013-08-07 20:47:00 -------- d-----w- C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545}
2013-08-06 19:39:45 -------- d-----w- C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D}
2013-08-05 06:39:25 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-05 06:38:46 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-08-05 06:38:46 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-05 06:38:46 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-08-05 06:38:46 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-05 06:38:46 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-05 06:38:46 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-05 06:37:54 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-05 06:37:54 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-05 01:40:07 -------- d-----w- C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01}
2013-08-05 01:36:05 -------- d-----w- C:\VideosMason
2013-08-03 23:46:19 -------- d-----w- C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA}
2013-08-02 23:47:32 -------- d-----w- C:\0001
.
==================== Find3M ====================
.
2013-08-21 00:49:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 00:49:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 00:49:19 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 15:05:00.11 ===============


Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

DirLook::
C:\ProgramData\fsil

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get Adobe Reader 11.0 here and update 11.0.03 for it, or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

 

 


I ran ComboFix using the CFScript.txt as instructed. I also uninstalled the old Adobe Reader and installed and updated Adobe Reader 11. I then went online and ran ESET as well as running DDS. Here are the log files as follows:

 

 

C:\ComboFix.txt

 

ComboFix 13-09-02.02 - Bev 09/02/2013 12:59:59.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2358 [GMT -7:00]
Running from: c:\users\Bev\Desktop\ComboFix.exe
Command switches used :: c:\users\Bev\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6280\AddOnDownloaded\3265cc37-1ae8-4a1d-b93a-d8a0d09ba823.dll
c:\programdata\PCDr\6280\AddOnDownloaded\357a8a4f-74a2-42f1-aed0-bea5984fd709.dll
c:\programdata\PCDr\6280\AddOnDownloaded\393c4795-5a95-448d-89c3-2d1321ae7575.dll
c:\programdata\PCDr\6280\AddOnDownloaded\5737a9df-39af-4df3-b97d-07f556d679c5.dll
c:\programdata\PCDr\6280\AddOnDownloaded\840b04b8-fb1e-4492-9645-97c163fb4348.dll
c:\programdata\PCDr\6280\AddOnDownloaded\8aa95cb2-816d-4a9a-a370-962b815a3013.dll
c:\programdata\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll
c:\programdata\PCDr\6280\AddOnDownloaded\9a29e1fb-664e-4651-a32c-e1ab34198ded.dll
c:\programdata\PCDr\6280\AddOnDownloaded\ad3867bf-de78-4ebd-93f2-0811b275b627.dll
c:\programdata\PCDr\6280\AddOnDownloaded\e2989224-3347-43ce-b7a2-533339a265b0.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-08-02 to 2013-09-02 )))))))))))))))))))))))))))))))
.
.
2013-09-02 20:07 . 2013-09-02 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-28 22:12 . 2013-08-28 22:12 -------- d-----w- C:\FRST
2013-08-28 20:05 . 2013-08-28 20:08 -------- d-----w- c:\programdata\fsil
2013-08-26 21:23 . 2013-08-26 21:23 -------- d-----w- C:\JailhouseInn
2013-08-23 18:36 . 2013-08-23 18:36 -------- d-----w- C:\MasonCD
2013-08-20 21:30 . 2013-08-20 21:31 -------- d-----w- C:\MirandasPeople - Copy
2013-08-19 21:41 . 2013-08-19 21:42 -------- d-----w- C:\TitanicHistoricalSociety
2013-08-15 04:48 . 2013-08-15 19:55 -------- d-----w- C:\EnerBankUSA
2013-08-05 06:40 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-08-05 06:39 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-08-05 06:38 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-05 06:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-05 06:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-05 06:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-05 06:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-05 06:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-05 01:36 . 2013-08-05 01:36 -------- d-----w- C:\VideosMason
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 00:49 . 2012-06-07 00:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 00:49 . 2012-06-07 00:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 00:49 . 2013-02-26 23:49 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-07-01 16:49 . 2013-02-17 00:11 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\fsil ----
.
2013-08-28 20:08 . 2013-08-29 06:50 67031 ----a-w- c:\programdata\fsil\npphx.ocy
2013-08-28 20:08 . 2013-08-28 20:08 229185 ----a-w- c:\programdata\fsil\yjbj.qnj
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
c:\program files (x86)\Unfriend Checker\uc.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]
c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
"{f0e59437-6148-4a98-b0a6-60d557ef57f4}"= "c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll" [bU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CLASSES_ROOT\clsid\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-12-13 141]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"LWS"="c:\logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
.
c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PCDSRVC{D3412D80-CF3B4A27-06020200}_0
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 00:49]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-05-21 1139992]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-05-21 328400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.12.1


.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 - c:\program files (x86)\24x7Help\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-02 13:09:45
ComboFix-quarantined-files.txt 2013-09-02 20:09
ComboFix2.txt 2013-08-31 22:03
.
Pre-Run: 37,339,172,864 bytes free
Post-Run: 37,286,572,032 bytes free
.
- - End Of File - - 6A2D220CA9064CC94F80B566D0BF4398
5C616939100B85E558DA92B899A0FC36

 

 

ESET Report

C:\FRST\Quarantine\edrsytb.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\fyldo.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\ghbtls.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\ivgq.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\mdfjbha.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\pfwd.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\qcovne.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\qgmt.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\tpuge.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\vtaq.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\wobomg.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\xtid.exe a variant of Win32/Kryptik.BIYS trojan
C:\FRST\Quarantine\yowfl.exe a variant of Win32/Kryptik.BIYS trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Help.exe.vir a variant of Win32/24x7Help.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook.dll.vir Win32/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Hook64.dll.vir Win64/24x7Help.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Svc.exe.vir probably a variant of Win32/24x7Help.B application
C:\Qoobox\Quarantine\C\Users\Bev\AppData\Roaming\dbu32.ocx.vir a variant of Win32/Kryptik.BIYS trojan

 

 

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496
Run by Bev at 15:21:58 on 2013-09-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2069 [GMT -7:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mURLSearchHooks: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
BHO: Unfriend Checker: {09942569-D515-42BE-9F5A-A439B20F91AB} -
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: WhiteSmoke B Toolbar: {f0e59437-6148-4a98-b0a6-60d557ef57f4} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [LWS] C:\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Logitech\Ereg\eReg.exe
StartupFolder: C:\Users\Bev\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll


TCP: NameServer = 192.168.12.1
TCP: Interfaces\{37314881-E905-46E4-9DB0-64917E6345A1} : DHCPNameServer = 192.168.12.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_paid.html" "DEF" "DEF" "DEF"
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-3 14456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-6 55856]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-12 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-7 1236368]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 701512]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-6 1695040]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2012-6-6 244440]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-6-6 69392]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-6 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-12 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-6 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-6-6 267480]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-02 20:24:13 -------- d-----w- C:\Program Files (x86)\ESET
2013-09-02 20:09:49 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-31 21:40:32 98816 ----a-w- C:\Windows\sed.exe
2013-08-31 21:40:32 256000 ----a-w- C:\Windows\PEV.exe
2013-08-31 21:40:32 208896 ----a-w- C:\Windows\MBR.exe
2013-08-28 22:12:55 -------- d-----w- C:\FRST
2013-08-28 20:05:06 -------- d-----w- C:\ProgramData\fsil
2013-08-26 21:23:59 -------- d-----w- C:\JailhouseInn
2013-08-26 17:25:35 -------- d-----w- C:\Users\Bev\AppData\Local\{AEBE6523-5364-4C9D-9977-FF34F0750DA0}
2013-08-25 22:16:55 -------- d-----w- C:\Users\Bev\AppData\Local\{9961D5E6-8226-400E-A565-A339490931F3}
2013-08-25 22:15:54 -------- d-----w- C:\Users\Bev\AppData\Local\{F5DA1F16-EE07-4407-B200-70051D4F9252}
2013-08-25 00:09:10 -------- d-----w- C:\Users\Bev\AppData\Local\{B08E6515-B6E4-4D03-907A-D3216F212A26}
2013-08-23 18:36:19 -------- d-----w- C:\MasonCD
2013-08-23 17:23:53 -------- d-----w- C:\Users\Bev\AppData\Local\{D0142CBD-BE74-4355-9FCB-8E4FD09F89B6}
2013-08-23 01:31:07 -------- d-----w- C:\Users\Bev\AppData\Local\{50F7AD71-6BC1-4E56-A85E-A7BB48ADF3ED}
2013-08-23 01:28:51 -------- d-----w- C:\Users\Bev\AppData\Local\{D80B408D-9F90-4B58-B0C7-EA1A33021AA6}
2013-08-23 01:28:09 -------- d-----w- C:\Users\Bev\AppData\Local\{A1C403F6-AF5A-427C-9D71-FE8AE3D8A504}
2013-08-20 21:30:29 -------- d-----w- C:\MirandasPeople - Copy
2013-08-19 21:41:59 -------- d-----w- C:\TitanicHistoricalSociety
2013-08-18 19:19:10 -------- d-----w- C:\Users\Bev\AppData\Local\{347D25BF-F641-4F1C-A6AB-AB0A8398686C}
2013-08-17 23:18:01 -------- d-----w- C:\Users\Bev\AppData\Local\{704210BC-8AED-4805-9ED0-5A6AE6D79436}
2013-08-17 06:13:49 -------- d-----w- C:\Users\Bev\AppData\Local\{B9DA97AC-5F08-43B2-B272-0781245D6804}
2013-08-15 21:21:17 -------- d-----w- C:\Users\Bev\AppData\Local\{E0859346-9544-4CE0-A8CA-08C88AAC35BA}
2013-08-15 04:48:53 -------- d-----w- C:\EnerBankUSA
2013-08-12 03:28:24 -------- d-----w- C:\Users\Bev\AppData\Local\{8103DA18-FD3A-40DF-93FA-BA757B08D336}
2013-08-09 00:18:25 -------- d-----w- C:\Users\Bev\AppData\Local\{BB22D809-001E-4121-B40C-4F19B706F384}
2013-08-07 20:47:00 -------- d-----w- C:\Users\Bev\AppData\Local\{F1C2C93B-39F9-42C3-807B-BFA0D3568545}
2013-08-06 19:39:45 -------- d-----w- C:\Users\Bev\AppData\Local\{120A8B27-81AE-422E-BEDF-F800619EE72D}
2013-08-05 06:39:25 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-08-05 06:38:46 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-08-05 06:38:46 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-05 06:38:46 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-08-05 06:38:46 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-05 06:38:46 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-05 06:38:46 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-05 06:37:54 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-05 06:37:54 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-05 01:40:07 -------- d-----w- C:\Users\Bev\AppData\Local\{9C74A07D-0B4A-41AF-A7AB-585ECC484A01}
2013-08-05 01:36:05 -------- d-----w- C:\VideosMason
2013-08-03 23:46:19 -------- d-----w- C:\Users\Bev\AppData\Local\{4873C7AD-178C-4285-AF76-BF8CDAD27EFA}
.
==================== Find3M ====================
.
2013-08-21 00:49:19 17139080 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 15:22:30.30 ===============


Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\programdata\fsil
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f0e59437-6148-4a98-b0a6-60d557ef57f4}"=-
[-HKEY_CLASSES_ROOT\clsid\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif

Close all browser windows, turn off protection software and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


I ran ComboFix using the CFScript.txt as instructed. Here is the log as follows:

ComboFix 13-09-02.02 - Bev 09/03/2013 0:18.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4009.2082 [GMT -7:00]
Running from: c:\users\Bev\Desktop\ComboFix.exe
Command switches used :: c:\users\Bev\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\fsil
c:\programdata\fsil\npphx.ocy
c:\programdata\fsil\yjbj.qnj
.
.
((((((((((((((((((((((((( Files Created from 2013-08-03 to 2013-09-03 )))))))))))))))))))))))))))))))
.
.
2013-09-03 07:26 . 2013-09-03 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-02 20:24 . 2013-09-02 20:24 -------- d-----w- c:\program files (x86)\ESET
2013-08-28 22:12 . 2013-08-28 22:12 -------- d-----w- C:\FRST
2013-08-26 21:23 . 2013-08-26 21:23 -------- d-----w- C:\JailhouseInn
2013-08-23 18:36 . 2013-08-23 18:36 -------- d-----w- C:\MasonCD
2013-08-20 21:30 . 2013-08-20 21:31 -------- d-----w- C:\MirandasPeople - Copy
2013-08-19 21:41 . 2013-08-19 21:42 -------- d-----w- C:\TitanicHistoricalSociety
2013-08-15 04:48 . 2013-08-15 19:55 -------- d-----w- C:\EnerBankUSA
2013-08-05 06:40 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-08-05 06:39 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-08-05 06:38 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-05 06:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-05 06:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-05 06:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-05 06:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-05 06:37 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-05 06:37 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-05 01:36 . 2013-08-05 01:36 -------- d-----w- C:\VideosMason
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 00:49 . 2013-02-26 23:49 17139080 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-07-01 16:49 . 2013-02-17 00:11 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
c:\program files (x86)\Unfriend Checker\uc.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f0e59437-6148-4a98-b0a6-60d557ef57f4}]
c:\program files (x86)\WhiteSmoke_B\prxtbWhit.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-12-13 141]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"LWS"="c:\logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\Bev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-22 20:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2011-05-21 1139992]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-05-21 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2011-05-21 328400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.12.1


.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 - c:\program files (x86)\24x7Help\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaÿT3]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^jaÿT3\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^|aX¨šx]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^|aX¨šx\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^]hwéÛ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯u¨¯u`^]hwéÛ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^²Tgmû²]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^²Tgmû²\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^–UØGE!]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^–UØGE!\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^zY§wŠy]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^zY§wŠy\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^ªYtÏ·]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯tu¨¯tu`^ªYtÏ·\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^–R…³c8]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^–R…³c8\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^,VĘæÁ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^,VĘæÁ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^…^‹öv]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯‡u¨¯‡u`^…^‹öv\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯šu¨¯šu`^Z^³ìL]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯šu¨¯šu`^Z^³ìL\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯¡u¨¯¡u`^Šj`eÚ²]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯¡u¨¯¡u`^Šj`eÚ²\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^_ˆIÄ‹]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^_ˆIÄ‹\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^Ea²àX]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-776842778-1022910293-1919321215-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¨¯Ïu¨¯Ïu`^Ea²àX\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-03 00:28:03
ComboFix-quarantined-files.txt 2013-09-03 07:28
ComboFix2.txt 2013-09-02 20:09
ComboFix3.txt 2013-08-31 22:03
.
Pre-Run: 38,104,883,200 bytes free
Post-Run: 38,204,203,008 bytes free
.
- - End Of File - - 5B9A1F51935223AA03192019D9D3AED9
5C616939100B85E558DA92B899A0FC36


Hi Blade81!

I had been avoiding using the system until you gave me the go ahead. After using it for a while today everything seems to be running normally with no problems or errors.

Thank you for all your help in getting rid of this nasty virus! I have always been able to rely on the experts here! :)

Is there anything further that needs to be addressed? Or should I begin making sure all the programs are up to date?


Good. Let's see the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but on step 7 select the Restore system settings and previous versions of files option.



Now let's uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK

 


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade B)
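
The System Restore reset in steps A to C above, scripted in PowerShell as an added example (not part of the original post). The `-Phase` parameter and the restore point description are illustrative, and the script assumes that turning protection off discards the existing restore points, as the GUI steps do.

```powershell
# Added example: scripted form of steps A and C. Run from an elevated prompt:
#   -Phase Disable, then reboot (step B), then -Phase Enable.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Disable', 'Enable')]
    [string]$Phase
)

# Refuse to run without administrator rights (the post notes they are required).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

# Local fixed disks (DriveType 3), in the "C:\" form the cmdlets expect.
$drives = @(Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' })

if ($Phase -eq 'Disable') {
    # Record how many restore points exist before protection is turned off.
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    Write-Output "Restore points before disabling: $before"

    # Step A: turn off protection on every hard drive.
    # Assumption: this discards the stored restore points, as in the GUI.
    Disable-ComputerRestore -Drive $drives
    Write-Output "System Restore is off on: $($drives -join ', ')"
    Write-Output 'Reboot (step B), then run again with -Phase Enable.'
}
else {
    # Step C: protection must be enabled on the system drive first or together
    # with the others, so list it first. Non-NTFS drives may be rejected.
    $system  = $env:SystemDrive + '\'
    $ordered = @($system) + @($drives | Where-Object { $_ -ne $system })
    Enable-ComputerRestore -Drive $ordered

    # Create a fresh restore point from the cleaned system and list what exists.
    Checkpoint-Computer -Description 'Clean baseline after malware removal' `
        -RestorePointType MODIFY_SETTINGS
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, CreationTime, Description
}
```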

 

 


I reset system restore and uninstalled Combofix as instructed. The computer continues to run normally without any problems.

Thank you again for all your help! I have already begun making sure everything is up to date and using Windows Update. Since this is my mother's computer I lectured her on the importance of keeping it updated, lol.

Thanks again and you have a great day as well Blade! :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you!
