Inactive-A Advanced Registry Optimizer

[LaNeedles]

Each time I shut down and then restart my computer the advanced registry optimizer window pops up asking me if I want to "let these errors remain on my computer," or uninstall it. I find this strange, for I never did install it in the first place. I have Norton 360 degree full protection as well as Norton utilities. Even stranger is that when I go to the add/remove programs section and designate the advanced registry optimizer to be removed I get a pop up telling me that "this program file does not exist and therefore cannot be removed." I'm completely baffled. If it does not exist then why does it show in my list of available programs to be changed or uninstalled, and why does the window appear each time I start my computer? I'm lost. Any expertise which could aid me in fixing this would be most welcome.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[LaNeedles]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
owner :: OWNER-PC [administrator]

Protection: Enabled

12/27/2013 12:50:12 PM
mbam-log-2013-12-27 (12-50-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252925
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 31
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\FunWebProductsInstaller.Start.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\FunWebProductsInstaller.Start (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} (PUP.Optional.ArcadeFrontier) -> Quarantined and deleted successfully.
HKCR\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} (PUP.Optional.ArcadeFrontier) -> Quarantined and deleted successfully.

Registry Values Detected: 14
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: ƒRB‡Ô7Cº¶«ƒT¨W -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: Search Toolbar -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9D425283-D487-4337-BAB6-AB8354A81457} (PUP.Optional.SearchToolbar) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|BrowserMngr Start Page (PUP.BProtector) -> Data: http://www.google.com/ -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www.google.com/ -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1U2Z1S1L1ItF0MtH1G -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchBar) -> Bad: (http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language) Good: (http://www.google.com/) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Users\owner\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\5.bin (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

Files Detected: 33
C:\Program Files (x86)\FunWebProducts\Installr\5.bin\F3EZSETP.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\owner\Downloads\download_torrent (1).exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\owner\Downloads\download_torrent.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\owner\Downloads\Player_Setup (1).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\owner\Downloads\Player_Setup (2).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\owner\Downloads\Player_Setup (3).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\owner\Downloads\Player_Setup (4).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\owner\Downloads\Player_Setup (5).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\owner\Downloads\Player_Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\owner\Downloads\wallpaperssetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\3ddinosaurs_160.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\3dfallingleaves.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\3dfireplace2.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\3dspringblossoms.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\butterflies.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\cabin.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\eastervillage.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\lightningstorm.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\marine2.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\MicrosoftDrivers.exeMicrosoftDrivers.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\moonlight.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\nightbeforechristmas.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\snowycottage.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\tinyword.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\waterfalls3.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\Pictures\xmastree.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\5.bin\F3PLUGIN.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\5.bin\NPFUNWEB.DLL (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\ArcadeFrontier\ArcadeFrontier.dll (PUP.Optional.ArcadeFrontier) -> Quarantined and deleted successfully.

(end)

Still showing up in my available programs...yet when I try to get rid of it I get the message telling me that the filepath does not exist.

 

[Broni]

Please observe forum rules.
All logs have to be pasted not attached.

 

[LaNeedles]

I tried!!!! It would not let me paste them.....will try again.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by owner at 13:39:51 on 2013-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1853 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\owner\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Users\owner\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=4D27194001CD52A215CA5F9F&src_id=31126&camp_id=5039&tb_version=1.2.1000.1(B)
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80114&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - LocalServer32 - <no file>
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - <orphaned>
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\CoIEPlg.dll
uRun: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem
uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AAF9CE7B-6DB6-4944-97FE-5525F7AF99B8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AAF9CE7B-6DB6-4944-97FE-5525F7AF99B8}\24563747245797 : DHCPNameServer = 168.94.0.15 168.94.0.14
TCP: Interfaces\{AAF9CE7B-6DB6-4944-97FE-5525F7AF99B8}\34F44454255444 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AAF9CE7B-6DB6-4944-97FE-5525F7AF99B8}\65562796A7F6E602143433030203435314 : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1404000.028\SymDS64.sys [2013-7-14 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1404000.028\SymEFA64.sys [2013-7-14 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\1404000.028\ccSetx64.sys [2013-7-14 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131225.001\IDSviA64.sys [2013-12-26 521944]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1404000.028\Ironx64.sys [2013-7-14 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-14 433752]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2011-9-2 1029480]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 350792]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-27 701512]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-7-14 144368]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2011-9-2 1037672]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2320920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-20 137648]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-12-27 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-11-23 35008]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192Ce.sys [2010-4-28 932384]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SymDSMon;SymDSMon;C:\windows\System32\drivers\SymDSMon.sys [2011-9-2 191232]
R3 SYMSpeedDisk;SYMSpeedDisk;C:\windows\System32\drivers\SymSpeedDisk.sys [2011-9-2 163384]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-23 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-16 111616]
S3 massfilter;Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2011-1-25 11776]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-11-23 239136]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-4-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-1-30 1255736]
S3 ZTEusbgps;ZTE GPS Port;C:\windows\System32\drivers\ZTEusbgps.sys [2011-1-25 121344]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;C:\windows\System32\drivers\ZTEusbnmeaext.sys [2011-1-25 121344]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-27 17:49:11 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
2013-12-27 17:48:57 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-27 17:48:56 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-12-27 17:48:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 03:05:13 -------- d-----w- C:\ProgramData\D6C
2013-12-12 13:17:23 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 13:17:23 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 13:17:22 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2013-12-12 13:17:22 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2013-12-10 21:28:33 -------- d-----w- C:\Program Files\iPod
2013-12-10 21:28:32 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-10 21:28:32 -------- d-----w- C:\Program Files\iTunes
2013-12-10 21:28:32 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-10 21:23:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-12-10 21:23:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-12-10 21:23:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-12-10 21:23:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-12-10 21:23:43 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2013-12-11 19:19:21 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 19:19:21 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-10-20 07:42:51 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 02:18:57 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
.
============= FINISH: 13:40:25.00 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2011 10:26:35 AM
System Uptime: 12/27/2013 1:03:00 PM (0 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 376.378 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP787: 12/23/2013 5:28:39 PM - Made by Norton Utilities læ
RP788: 12/23/2013 5:32:51 PM - Made by Norton Utilities äå
RP789: 12/23/2013 5:33:56 PM - Made by Norton Utilities ì
RP790: 12/23/2013 7:00:36 PM - Made by Norton Utilities ì
RP791: 12/24/2013 7:00:37 PM - Made by Norton Utilities ì
RP792: 12/25/2013 7:00:38 PM - Made by Norton Utilities ì
RP793: 12/26/2013 7:00:38 PM - Made by Norton Utilities ì
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Advanced Registry Optimizer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcadeFrontier
ArcSoft MediaImpression Codec
ArcSoft MediaImpression for Kodak
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Best Buy pc app
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Online Launcher
Conexant HD Audio
D3DX10
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
IHA_MessageCenter
iMesh
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 17
Junk Mail filter update
KODAK Share Button App
Mah Jong Quest III
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mIRC
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2758694)
Norton 360
Norton Utilities 15
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Pogo Games
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Redist
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Synaptics Pointing Device Driver
TinyWord 2.9.0
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Verizon Media Manager
Vz In-Home Agent
WeatherBug
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZTE USB Drivers
.
==== Event Viewer Messages From Past Week ========
.
12/27/2013 1:03:29 PM, Error: Service Control Manager [7000] - The TOSHIBA Optical Disc Drive Service service failed to start due to the following error: The system cannot find the path specified.
12/20/2013 12:00:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SpeedDiskService service.
.
==== End Of File ===========================
Got it to work this time sorry for the mistake.

 

[Broni]

You did it

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[LaNeedles]

OK....performed tasks as instructed. At end of Malwarebite cleanup it told me no malware detected. A moment later the system crashed and I saw a message I've never seen before....bright blue background...telling me a problem was detected. Computer tried to initiate crash/dumping report...but then said crash report FAILED. Told me if it was the first time seeing message to simply restart computer. Did that seems to be running fine. Also told me to contact my administrator or my tech support. That's you now right??? Advanced Registry Optimizer popup at restart has ceased....and yet it still is showing in list of available programs. Reports to follow.


RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Remove -- Date : 12/28/2013 12:43:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] ArcadeFrontier.job : C:\Users\owner\AppData\Local\ArcadeFrontier\veragent.exe [7] -> DELETED
[V2][SUSP PATH] ArcadeFrontier : C:\Users\owner\AppData\Local\ArcadeFrontier\veragent.exe [7] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤




¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] f775371b57784f7d98a9f46d6d429d0c
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12282013_124300.txt >>
RKreport[0]_S_12282013_124048.txt



RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Scan -- Date : 12/28/2013 12:40:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] ArcadeFrontier.job : C:\Users\owner\AppData\Local\ArcadeFrontier\veragent.exe [7] -> FOUND
[V2][SUSP PATH] ArcadeFrontier : C:\Users\owner\AppData\Local\ArcadeFrontier\veragent.exe [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] f775371b57784f7d98a9f46d6d429d0c
[BSP] b79570121e42348a1a739003ee68f945 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463437 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 952193024 | Size: 12002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12282013_124048.txt >>





2013/12/28 12:37:09 -0500 OWNER-PC owner MESSAGE Stopping protection
2013/12/28 12:37:09 -0500 OWNER-PC owner MESSAGE Protection stopped successfully
2013/12/28 12:37:09 -0500 OWNER-PC owner MESSAGE Stopping IP protection
2013/12/28 12:37:09 -0500 OWNER-PC owner MESSAGE IP Protection stopped successfully
2013/12/28 12:37:10 -0500 OWNER-PC owner MESSAGE Protection stopped
2013/12/28 13:10:53 -0500 OWNER-PC (null) MESSAGE Starting protection
2013/12/28 13:10:53 -0500 OWNER-PC (null) MESSAGE Protection started successfully
2013/12/28 13:10:53 -0500 OWNER-PC (null) MESSAGE Starting IP protection
2013/12/28 13:10:58 -0500 OWNER-PC (null) MESSAGE IP Protection started successfully
2013/12/28 13:16:58 -0500 OWNER-PC owner MESSAGE Stopping protection
2013/12/28 13:16:58 -0500 OWNER-PC owner MESSAGE Protection stopped successfully
2013/12/28 13:16:58 -0500 OWNER-PC owner MESSAGE Stopping IP protection
2013/12/28 13:16:58 -0500 OWNER-PC owner MESSAGE IP Protection stopped successfully
2013/12/28 13:16:59 -0500 OWNER-PC owner MESSAGE Protection stopped
2013/12/28 13:38:49 -0500 OWNER-PC (null) MESSAGE Starting protection
2013/12/28 13:38:49 -0500 OWNER-PC (null) MESSAGE Protection started successfully
2013/12/28 13:38:49 -0500 OWNER-PC (null) MESSAGE Starting IP protection
2013/12/28 13:38:53 -0500 OWNER-PC (null) MESSAGE IP Protection started successfully

 

[Broni]

Did you try to uninstall Advanced Registry Optimizer?

Next...

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[LaNeedles]

OK....completed task. ARO will still not uninstall. The EXACT message that pops up is:
File "Crogram Files (x86) Advanced Registry Optimizer\ unins.dat" does not exist. Cannot uninstall. ALSO....is it ok to now uninstall the malwarebyte program? Report to follow.


ComboFix 13-12-26.01 - owner 12/28/2013 17:17:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2412 [GMT -5:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\FunWebProducts
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\25F
c:\programdata\25F\{C3C5FE55-D217-4A8D-B89C-3AA413BAC1EB}.swf
c:\windows\SysWow64\drivers\dfg.sys
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-28 )))))))))))))))))))))))))))))))
.
.
2013-12-28 22:47 . 2013-12-28 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-28 17:58 . 2013-12-28 18:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-28 17:58 . 2013-12-28 17:58 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-28 17:39 . 2013-12-28 17:39 73280 ----a-w- c:\windows\system32\drivers\disk.sys.bak
2013-12-27 17:49 . 2013-12-27 17:49 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2013-12-27 17:48 . 2013-12-27 17:48 -------- d-----w- c:\programdata\Malwarebytes
2013-12-27 17:48 . 2013-12-27 17:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-27 17:48 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-26 03:05 . 2013-12-26 03:05 -------- d-----w- c:\programdata\D6C
2013-12-21 22:59 . 2013-12-28 22:15 -------- d-----w- c:\users\Mr.Christo
2013-12-15 16:04 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-12 13:17 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 13:17 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 13:17 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 13:17 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 13:17 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-10 21:28 . 2013-12-10 21:28 -------- d-----w- c:\program files\iPod
2013-12-10 21:28 . 2013-12-10 21:29 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-10 21:28 . 2013-12-10 21:29 -------- d-----w- c:\program files\iTunes
2013-12-10 21:28 . 2013-12-10 21:29 -------- d-----w- c:\program files (x86)\iTunes
2013-12-10 21:23 . 2013-12-10 21:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-12-10 21:23 . 2013-12-10 21:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-12-10 21:23 . 2013-12-10 21:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-12-10 21:23 . 2013-12-10 21:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-12-10 21:23 . 2012-11-11 20:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 15:58 . 2011-02-05 22:37 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 19:19 . 2012-04-16 13:46 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 19:19 . 2011-05-29 04:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-20 07:42 . 2013-10-20 07:42 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-12 02:30 . 2013-11-13 11:17 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 11:17 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 11:17 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 11:17 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 11:17 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 11:18 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 11:18 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 11:17 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 11:17 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 11:17 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 11:17 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 11:17 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 11:17 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 11:17 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 11:17 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files (x86)\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-10-11 394752]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2013-01-11 1653760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\NORTON~3\Tools\SPEEDD~1\aDSBatch.exe /startup
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys;c:\windows\SYSNATIVE\drivers\SymDSMon.sys [x]
R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys;c:\windows\SYSNATIVE\drivers\SymSpeedDisk.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbgps.sys [x]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnmeaext.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131227.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131227.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe;c:\program files (x86)\Pogo Games\PGMTrusted.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:19]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 20:07]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 20:07]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834582575-273026046-3306951264-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 23:38]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834582575-273026046-3306951264-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 23:38]
.
2013-12-28 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Norton Utilities 15\nu.exe [2012-02-03 15:17]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=4D27194001CD52A215CA5F9F&src_id=31126&camp_id=5039&tb_version=1.2.1000.1(B)
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80114&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - (no file)
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
Toolbar-Locked - (no file)
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-10 - (no file)
Toolbar-{b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{4AC505EE-0482-4CB3-A0E4-2F1E80F0A596} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}"=hex:51,66,7a,6c,4c,1d,38,12,14,ec,f3,
65,f2,d5,84,00,e4,39,b0,a9,f5,78,d6,a9
"{6C8DB2EC-499B-4897-A784-0E3186C97E9D}"=hex:51,66,7a,6c,4c,1d,38,12,82,b1,9e,
68,a9,07,f9,0d,d8,92,4d,71,83,97,3a,89
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,0d,42,c0,85,bf,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,bf,89,78,a8,d2,1a,4d,ae,d7,35,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,bf,89,78,a8,d2,1a,4d,ae,d7,35,\
.
[HKEY_USERS\S-1-5-21-2834582575-273026046-3306951264-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{CD9094DD-9C64-45C6-8CAB-7C3B96825BE3}"=hex:51,66,7a,6c,4c,1d,3b,1b,cd,88,8a,
d7,57,ca,a1,0a,95,a7,3b,7b,94,c6,1d,ff
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,3b,1b,94,f0,49,
77,9d,3c,e0,08,b7,e2,b3,22,8d,45,47,10
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,3b,1b,1e,c7,30,
7a,cc,1c,70,0d,93,ad,d2,9a,c6,9b,e2,14
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,84,92,
82,1e,12,ba,06,80,db,9b,c6,69,ac,3b,a0
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,37,
57,8d,3f,1d,08,89,f9,ba,9b,07,71,3f,69
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f3,f3,f1,
65,2a,3d,2e,0c,81,de,b8,f0,9f,0f,0f,d6
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,cb,f6,
34,77,0e,fe,05,ad,ba,53,2b,fa,46,27,27
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
.
**************************************************************************
.
Completion time: 2013-12-28 18:20:57 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-28 23:20
.
Pre-Run: 402,502,266,880 bytes free
Post-Run: 401,874,923,520 bytes free
.
- - End Of File - - 5F54A9F506E2CA1C90ADDEC8A73470D9

 

[Broni]

You'll keep MBAM for future use.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

Folder::
c:\program files (x86)\Advanced Registry Optimizer
c:\programdata\Best Buy pc app

Driver::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"=-

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[LaNeedles]

Holy Crap I think we might have it!!!! Look at the log it wiped that **** out.....the annoying popup upon start up is gone. ARO still sits there pretending to be one of my available programs when I type in uninstall and the list of them comes up, but I still cannot get that one strand of words to delete..but if the actual program is now off of my computer then who cares right? Am I missing something? Is my computer about to explode or something?? Report to follow:

ComboFix 13-12-26.01 - owner 12/29/2013 11:55:05.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2170 [GMT -5:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Advanced Registry Optimizer
c:\program files (x86)\Advanced Registry Optimizer\ARO.exe
c:\program files (x86)\Advanced Registry Optimizer\AroLangFile.Ini
c:\program files (x86)\Advanced Registry Optimizer\AROSS.dll
c:\program files (x86)\Advanced Registry Optimizer\CheckForV4.dll
c:\program files (x86)\Advanced Registry Optimizer\CleanSchedule.exe
c:\program files (x86)\Advanced Registry Optimizer\soref.dll
c:\program files (x86)\Advanced Registry Optimizer\unins000.exe
c:\program files (x86)\Advanced Registry Optimizer\uninstall.hta
c:\program files (x86)\Advanced Registry Optimizer\update.dll
c:\program files (x86)\Advanced Registry Optimizer\xmllite.dll
c:\programdata\Best Buy pc app
c:\programdata\Best Buy pc app\3.0.0.0\AppIcon.ico.deploy
c:\programdata\Best Buy pc app\3.0.0.0\AppMeasurement_DotNET.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.config.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.manifest
c:\programdata\Best Buy pc app\3.0.0.0\BestBuySoftwareInstaller.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Common.dll.config.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Common.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\CustomControls.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\FluidKit.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Interop.IWshRuntimeLibrary.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Ionic.Zip.Reduced.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Localization.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.Composite.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.Composite.Presentation.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.Composite.UnityExtensions.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.Common.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.Logging.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.ObjectBuilder2.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.ServiceLocation.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.Practices.Unity.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.WindowsAPICodePack.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Microsoft.WindowsAPICodePack.Shell.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\pc app Installer.exe.config.deploy
c:\programdata\Best Buy pc app\3.0.0.0\pc app Installer.exe.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImage.Modules.Default.dll.config.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImage.Modules.Default.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImage.Modules.Home.dll.config.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImage.Modules.Home.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImage.Modules.Omniture.dll.config.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImage.Modules.Omniture.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImage.Modules.Omniture.Tests.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImage.Modules.Update.dll.config.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImage.Modules.Update.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImageInfrastructure.dll.config.deploy
c:\programdata\Best Buy pc app\3.0.0.0\PCImageInfrastructure.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\RTFs\About.rtf.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\RTFs\WelcomeScreen.rtf.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\Translations.xml.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Resources\tempCategories.xml.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Resources\TranslationSchema.xsd.deploy
c:\programdata\Best Buy pc app\3.0.0.0\Restarter.exe.deploy
c:\programdata\Best Buy pc app\3.0.0.0\SharpBITS.Base.dll.deploy
c:\programdata\Best Buy pc app\3.0.0.0\ViewModels.dll.config.deploy
c:\programdata\Best Buy pc app\3.0.0.0\ViewModels.dll.deploy
c:\programdata\Best Buy pc app\Best Buy pc app.3.0.0.0.application
c:\programdata\Best Buy pc app\Best Buy pc app.application
c:\programdata\Best Buy pc app\Best Buy pc app.lnk
c:\programdata\Best Buy pc app\ClickOnce.htm
c:\programdata\Best Buy pc app\ClickOnceSetup.exe
c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-29 )))))))))))))))))))))))))))))))
.
.
2013-12-29 17:01 . 2013-12-29 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-28 17:58 . 2013-12-28 18:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-28 17:58 . 2013-12-28 17:58 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-28 17:39 . 2013-12-28 17:39 73280 ----a-w- c:\windows\system32\drivers\disk.sys.bak
2013-12-27 17:49 . 2013-12-27 17:49 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2013-12-27 17:48 . 2013-12-27 17:48 -------- d-----w- c:\programdata\Malwarebytes
2013-12-27 17:48 . 2013-12-27 17:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-27 17:48 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-26 03:05 . 2013-12-26 03:05 -------- d-----w- c:\programdata\D6C
2013-12-21 22:59 . 2013-12-28 22:15 -------- d-----w- c:\users\Mr.Christo
2013-12-15 16:04 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-12 13:17 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 13:17 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 13:17 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 13:17 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 13:17 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-10 21:28 . 2013-12-10 21:28 -------- d-----w- c:\program files\iPod
2013-12-10 21:28 . 2013-12-10 21:29 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-10 21:28 . 2013-12-10 21:29 -------- d-----w- c:\program files\iTunes
2013-12-10 21:28 . 2013-12-10 21:29 -------- d-----w- c:\program files (x86)\iTunes
2013-12-10 21:23 . 2013-12-10 21:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-12-10 21:23 . 2013-12-10 21:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-12-10 21:23 . 2013-12-10 21:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-12-10 21:23 . 2013-12-10 21:23 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-12-10 21:23 . 2012-11-11 20:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 15:58 . 2011-02-05 22:37 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 19:19 . 2012-04-16 13:46 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 19:19 . 2011-05-29 04:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-20 07:42 . 2013-10-20 07:42 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-12 02:30 . 2013-11-13 11:17 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 11:17 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 11:17 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 11:17 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 11:17 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 11:18 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 11:18 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 11:17 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 11:17 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 11:17 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 11:17 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 11:17 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 11:17 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 11:17 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 11:17 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-10-11 394752]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2013-01-11 1653760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\NORTON~3\Tools\SPEEDD~1\aDSBatch.exe /startup
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys;c:\windows\SYSNATIVE\drivers\SymDSMon.sys [x]
R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys;c:\windows\SYSNATIVE\drivers\SymSpeedDisk.sys [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbgps.sys [x]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnmeaext.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131227.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131227.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe;c:\program files (x86)\Pogo Games\PGMTrusted.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:19]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 20:07]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 20:07]
.
2013-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834582575-273026046-3306951264-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 23:38]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2834582575-273026046-3306951264-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 23:38]
.
2013-12-29 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Norton Utilities 15\nu.exe [2012-02-03 15:17]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=4D27194001CD52A215CA5F9F&src_id=31126&camp_id=5039&tb_version=1.2.1000.1(B)
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80114&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - (no file)
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
Toolbar-Locked - (no file)
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-10 - (no file)
Toolbar-{b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application"
WebBrowser-{4AC505EE-0482-4CB3-A0E4-2F1E80F0A596} - (no file)
AddRemove-Advanced Registry Optimizer_is1 - c:\program files (x86)\Advanced Registry Optimizer\unins000.exe
AddRemove-48e4cff94f039634 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}"=hex:51,66,7a,6c,4c,1d,38,12,14,ec,f3,
65,f2,d5,84,00,e4,39,b0,a9,f5,78,d6,a9
"{6C8DB2EC-499B-4897-A784-0E3186C97E9D}"=hex:51,66,7a,6c,4c,1d,38,12,82,b1,9e,
68,a9,07,f9,0d,d8,92,4d,71,83,97,3a,89
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,0d,42,c0,85,bf,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,bf,89,78,a8,d2,1a,4d,ae,d7,35,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fb,bf,89,78,a8,d2,1a,4d,ae,d7,35,\
.
[HKEY_USERS\S-1-5-21-2834582575-273026046-3306951264-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{CD9094DD-9C64-45C6-8CAB-7C3B96825BE3}"=hex:51,66,7a,6c,4c,1d,3b,1b,cd,88,8a,
d7,57,ca,a1,0a,95,a7,3b,7b,94,c6,1d,ff
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,3b,1b,94,f0,49,
77,9d,3c,e0,08,b7,e2,b3,22,8d,45,47,10
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,3b,1b,1e,c7,30,
7a,cc,1c,70,0d,93,ad,d2,9a,c6,9b,e2,14
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,84,92,
82,1e,12,ba,06,80,db,9b,c6,69,ac,3b,a0
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,37,
57,8d,3f,1d,08,89,f9,ba,9b,07,71,3f,69
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f3,f3,f1,
65,2a,3d,2e,0c,81,de,b8,f0,9f,0f,0f,d6
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,cb,f6,
34,77,0e,fe,05,ad,ba,53,2b,fa,46,27,27
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-29 12:03:58
ComboFix-quarantined-files.txt 2013-12-29 17:03
ComboFix2.txt 2013-12-28 23:20
.
Pre-Run: 401,253,216,256 bytes free
Post-Run: 400,991,993,856 bytes free
.
- - End Of File - - 54256D7107B11ABDDC913B10710D2AF1
HEY!!!!! I just tried to delete it from the list and it worked!!!!! We did it!!!!! You the man BRONI!!!!!! If you ever come to NY I'll buy you a steak!!!! Or some hummus or whatever!!!!Thanks a million man!!!! )

 

[Broni]

Good news

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Broni]

Still with me?

 

[Broni]

This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.