fujymo

Honorary Members
  • Posts: 47
Everything posted by fujymo

  1. Hello and thanks, The log came up clean. I did run the scan a couple of times the last few weeks. On the 6th MBAM found a few trojans. Attached are today's results.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 7/23/2014
     Scan Time: 8:06:04 PM
     Logfile: mbam.txt
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.07.23.08
     Rootkit Database: v2014.07.17.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Dean

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 360241
     Time Elapsed: 46 min, 59 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)

     (end)
  2. Hello, The computer has been slow for about a month or two and I have run all of the usual malware programs with little success. Thanks, Fujymo

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
     Ran by Dean (administrator) on DAD-PC on 22-07-2014 20:49:53
     Running from C:\Users\Dean\Desktop
     Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 11
     Boot Mode: Normal
01:13 - 00838620 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-22 13:16 - 2014-06-22 13:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-12 09:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Dean at 2014-07-22 20:51:20
Running from C:\Users\Dean\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
ACDSee (HKLM-x32\...\ACDSee) (Version: - )
Acrobat.com
(HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.258 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 1.7.258 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.) Adobe Photoshop Elements 6.0 (x32 Version: 6.0 - Adobe Systems Inc.) Hidden Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies) Any Video Converter 3.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
CamStudio (HKLM-x32\...\CamStudio) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‎Canon Inc.‬) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬) Canon MG6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6300_series) (Version: 1.00 - Canon Inc.) Canon MG6300 series On-screen Manual (HKLM-x32\...\Canon MG6300 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon MG6300 series User Registration (HKLM-x32\...\Canon MG6300 series User Registration) (Version: - Canon Inc.‎) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CDCheck (HKLM-x32\...\CDCheck) (Version: - ) CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.) 
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10260.0 - Cisco Consumer Products LLC) Comcast Access (HKLM-x32\...\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1) (Version: ComcastAccess-1.57 - Comcast Cable Communications Management LLC) Comcast Access (x32 Version: 1.57 - Comcast Cable Communications Management LLC) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Core Temp version 0.99.8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.8 - Arthur Liberman) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2203 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 6.0.2203 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2328 - CyberLink Corp.) CyberLink YouCam (x32 Version: 2.0.2328 - CyberLink Corp.) Hidden DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.) DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.) DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC) DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.) DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.) 
DVDFab 8.0.7.3 (29/01/2011) (HKLM\...\DVDFab 8 Retail zoo_is1) (Version: - ) eMule MorphXT 12.6 (HKLM-x32\...\eMule MorphXT_is1) (Version: - Morph team) ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - ) HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard) HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard) HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation) iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.) 
K-Lite Codec Pack 4.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.0.0 - ) LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe) Logos 4 Prerequisites (HKLM-x32\...\{36EEF1F4-86B9-44C1-A24D-86D4E5777DD8}) (Version: 4.63.00327 - Logos Bible Software) Logos Bible Software 4 (HKLM-x32\...\{EAD8A4BB-4505-482C-9705-A599F1E88623}) (Version: 4.63.00409 - Logos Bible Software) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MariusSoft Disk Scrubber (HKLM-x32\...\{083A7AA2-8871-42B0-8513-7428F44DFC38}) (Version: 1.0.0 - MariusSoft LLC) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM-x32\...\M953297) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden 
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden MotoHelper 2.0.45 Driver 5.0.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.45 - Motorola) MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MP4 Player (HKLM-x32\...\MP4 Player) (Version: - ) MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) 
Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd) NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc) Norton Security Suite (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation) NTFS Undelete v0.94 (HKLM-x32\...\NTFS Undelete_is1) (Version: 0.94 - Atola Technology) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio) Player (HKCU\...\QUICKMEDIACONVERTER) (Version: - ) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.) Power2Go (x32 Version: 6.0.2202 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2201 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.2201 - CyberLink Corp.) Hidden Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.2.22 - Intuit) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) RAR Password Unlocker (HKLM-x32\...\{69B77D45-F5AD-4AB9-933D-352703324469}_is1) (Version: - RAR Password Unlocker, Inc.) Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.) 
REA's TESTware for CLEP Western Civilization II (HKLM-x32\...\{8ECD830A-986D-4FF3-ADBF-FCF7525C7F58}) (Version: 1.4.5 - REA, Inc. ) Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden Roxio Burn Manager (x32 Version: 1.0.0 - Roxio) Hidden Roxio Burn Manager CDB (x32 Version: 1.0 - Roxio) Hidden Roxio CinePlayer (x32 Version: 5.3 - Roxio) Hidden Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden Roxio Creator 2009 Special Edition (x32 Version: 1.2.193 - Roxio) Hidden Roxio Creator 2010 Content (x32 Version: 12.0.013 - Roxio) Hidden Roxio Creator 2010 Special Edition (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio) Roxio Creator 2010 Special Edition (x32 Version: 5.0.0 - Roxio) Hidden Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Roxio) Roxio Venue (x32 Version: 2.2.170 - Sonic Solutions) Hidden Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games) Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden Sigil 0.6.0 (HKLM\...\Sigil_is1) (Version: - John Schember) SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc) SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VD64Inst (Version: 1.00.0000 - Roxio, Inc.) 
Hidden VDownloader 1.0 (HKLM-x32\...\{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1) (Version: - Enrique Puertas) Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows 7 Codec Pack 4.0.8 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.8 - Windows 7 Codec Pack) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi)) ==================== Restore Points ========================= 12-07-2014 13:32:28 Scheduled Checkpoint 18-07-2014 00:58:48 Installed Java 7 Update 65 ==================== Hosts content: ========================== 2006-11-02 08:34 - 2014-02-18 17:36 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {02BB3953-C752-4932-AAB1-B2C89D3C9118} - System32\Tasks\{81ACC53A-6352-4053-890D-BD79DAC6371D} => E:\DATA\OTII16.EXE Task: {036116DD-EB13-4542-AFC7-06C98CB73200} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318318006-2019795328-90524039-1000Core => C:\Users\Dean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09] (Google Inc.) 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {0BD0D874-F0F3-49DF-9C81-D2F7199893BC} - System32\Tasks\{54EEBD16-6C1D-4D01-BA14-A8D6D37175E7} => C:\Program Files (x86)\Skype\Phone\Skype.exe Task: {0DDEDA3E-52D2-435C-ADB0-CD64487C4D26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.) Task: {1A7A5C59-B200-4FD5-9D04-F145B38769E5} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {28BDEF8E-1578-4168-B991-F120C30ADE75} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318318006-2019795328-90524039-1000UA => C:\Users\Dean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09] (Google Inc.) Task: {436CCCB1-7BD3-4630-9476-D34E354C4BB1} - System32\Tasks\{F5333573-639A-4CFF-B343-0DC482C4C308} => E:\DATA\OTII16.EXE Task: {465AF390-F68A-4E7D-AE40-F78FC766714F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.) 
Task: {4F4E3B3A-DCB5-478F-BBF2-9DD52BA8228C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {50F32EBC-53B3-466E-B302-D96687EB3F0D} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] () Task: {5FC2897B-33C7-4B57-B92A-69882ADF41D4} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {710023D8-B07B-485D-B98F-C4B28A794194} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation) Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs Task: {741D0D26-DFC3-468D-91B4-631ABE1C011D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2009-07-13] (Microsoft Corporation) Task: {79DF4E53-18F3-497B-A045-85770EE03077} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {8DCB71AC-BD66-4055-BFD6-D9D3E99F6EE4} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] () Task: {9DD852BB-10CD-4202-9D5D-56E74677DACA} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] () Task: {A1BB1C59-7DB6-456D-8637-15E2393B27C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {A29F3B3E-470A-4497-B309-EB96687747AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated) Task: {B508D2DF-78BA-48AB-BBF8-A3AA9D6FA6EA} - System32\Tasks\AdobeAAMUpdater-1.0-Dad-PC-Kelsey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) Task: {E0E0D6CC-772D-4FFE-9D9B-8CE7FE30B42C} - System32\Tasks\{04505B05-C53F-4D2E-A2D9-0B1623D7F78D} => E:\DATA\OTII16.EXE Task: {E8399C9F-4B20-45BF-ADC5-E992A1B39660} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] () Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1318318006-2019795328-90524039-1000Core.job => C:\Users\Dean\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1318318006-2019795328-90524039-1000UA.job => C:\Users\Dean\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2007-09-11 00:45 - 2007-09-11 00:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 2011-01-27 17:13 - 2011-01-27 17:13 - 00226624 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe 2009-04-20 20:56 - 2008-10-06 12:54 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe 2009-04-20 20:49 - 2008-09-15 10:13 - 00241734 _____ () 
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2009-08-31 22:46 - 2009-08-16 17:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2011-01-27 17:13 - 2011-01-27 17:13 - 00673088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe 2009-07-21 12:50 - 2009-07-21 12:50 - 00084464 _____ () C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe 2009-08-10 07:26 - 2008-09-23 20:21 - 00074536 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\Common\MCEMediaStatus64.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2009-04-20 20:56 - 2008-10-06 12:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll 2010-01-22 10:29 - 2010-01-22 10:29 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2010-01-22 10:30 - 2010-01-22 10:30 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2010-01-22 10:29 - 2010-01-22 10:29 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2014-06-22 13:16 - 2014-06-22 13:16 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files 
(x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: MP4 Player => "C:\Program Files (x86)\MP4 Player\mp4Player.exe" hmw MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/21/2014 09:14:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: 
m->NextScheduledSPRetry 13198

Error: (07/21/2014 09:14:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13198

Error: (07/21/2014 09:14:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 09:14:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11763

Error: (07/21/2014 09:14:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11763

Error: (07/21/2014 09:14:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 09:14:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10687

Error: (07/21/2014 09:14:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10687

Error: (07/21/2014 09:14:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 09:14:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9392

System errors:
=============
Error: (07/21/2014 08:47:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.

Error: (07/12/2014 09:32:25 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (07/12/2014 09:31:44 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/12/2014 09:31:44 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/12/2014 09:31:44 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/12/2014 09:31:44 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/12/2014 09:31:44 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/12/2014 09:31:44 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/12/2014 09:31:44 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (07/12/2014 09:31:44 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Microsoft Office Sessions:
=========================
Error: (07/21/2014 09:14:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13198

Error: (07/21/2014 09:14:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13198

Error: (07/21/2014 09:14:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 09:14:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11763

Error: (07/21/2014 09:14:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11763

Error: (07/21/2014 09:14:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 09:14:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10687

Error: (07/21/2014 09:14:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10687

Error: (07/21/2014 09:14:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/21/2014 09:14:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9392

CodeIntegrity Errors:
===================================
Date: 2014-02-18 16:36:01.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-18 16:36:01.336 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2009-12-13 08:18:49.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2009-12-13 08:18:49.326 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2009-12-13 08:18:49.216 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2009-12-13 08:18:49.123 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2009-12-13 08:18:49.060 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2009-12-11 09:37:22.615 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2009-12-11 09:37:22.549 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2009-12-11 09:37:22.480 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 3999.19 MB Available physical RAM: 1990.85 MB Total Pagefile: 7996.56 MB Available Pagefile: 5600.59 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:285.81 GB) (Free:71.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:12.28 GB) (Free:1.96 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AA0A7A18) Partition 1: (Active) - (Size=286 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  3. All finished and computer is running great!! Thanks, Dean
  4. Gringo, All complete, still running well. Deleted all of the files from Hijack This and here is the one item ESET found during the scan. Thanks
C:\Users\Kim\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
  5. Gringo, Done, and IE is running fine now. No problems.
  6. Well, all is not as good as I thought. I am posting this on Google Chrome. My wife uses IE normally and it is not working properly. Yahoo is her home page and it will not load. I can get another page to load, then the third page I have to fight to get to load. She just told me she has been having trouble with the "Shop at Home" on here, that it loads whenever she starts a link on Yahoo. She is not sure where it came from. Thanks, Dean
  7. Gringo, Computer is running much better and faster.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Kim :: KIM-PC [administrator]

02/21/2014 10:14:08 PM
mbam-log-2014-02-21 (22-14-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275970
Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:32:22 PM, on 02/21/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Users\Kim\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kim\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=21
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O3 - Toolbar: CouponXplorer - {65c72339-fb1d-4155-84e1-9afacee02d6f} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [shopAtHomeWatcher] C:\Users\Kim\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAyADYANgAyADIAMgA5ADcALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNACsAMQAtAEYAOQBNADcAQQArADUALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADQA"&"prod=90"&"ver=9.0.872
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - Startup: NexDef Plug-in.lnk = Kim\AppData\Local\Autobahn\nexdef.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{F451319F-CA52-4D3E-9915-9D90ED80171B}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CouponXplorerService (CouponXplorer_5zService) - Unknown owner - C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16646 bytes
  8. Computer is doing much better. No pop-ups on start up saying it cannot find a file.. Seems to be running faster. Here is the log. ComboFix 14-02-20.01 - Kim 02/21/2014 16:18:22.2.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2207 [GMT -5:00]Running from: C:\Users\Kim\Downloads\ComboFix.exeCommand switches used :: C:\Users\Kim\Downloads\CFScript.txtAV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((( Files Created from 2014-01-21 to 2014-02-21 ))))))))))))))))))))))))))))))) 2014-02-21 21:30:40 . 2014-02-21 21:30:40 -------- d-----w- C:\Users\Default\AppData\Local\temp2014-02-21 21:30:40 . 2014-02-21 21:30:40 -------- d-----w- C:\Users\dad\AppData\Local\temp2014-02-21 21:30:40 . 2014-02-21 21:30:40 -------- d-----w- C:\Users\Administrator\AppData\Local\temp2014-02-21 16:21:08 . 2014-02-21 16:21:08 -------- d-----w- C:\windows\ERUNT2014-02-21 16:10:25 . 2014-02-21 16:13:18 -------- d-----w- C:\AdwCleaner2014-02-12 00:38:55 . 2013-12-21 09:53:45 548864 ----a-w- C:\windows\system32\vbscript.dll2014-02-12 00:38:55 . 2013-12-21 08:56:47 454656 ----a-w- C:\windows\SysWow64\vbscript.dll2014-02-11 18:56:47 . 2013-12-06 02:30:08 1882112 ----a-w- C:\windows\system32\msxml3.dll2014-02-08 17:57:47 . 2014-02-08 17:58:10 -------- d-----w- C:\ProgramData\FitbitConnect2014-02-08 17:57:47 . 2014-02-08 17:58:08 -------- d-----w- C:\Program Files (x86)\Fitbit Connect2014-02-07 16:36:30 . 2014-02-07 16:36:30 -------- d-----w- C:\Program Files (x86)\ESET. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2014-02-21 19:43:23 . 
2012-08-30 19:39:10 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2014-02-21 19:43:23 . 2011-11-10 11:19:40 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-02-16 14:42:26 . 2010-02-23 01:01:10 88567024 ----a-w- C:\windows\system32\MRT.exe2013-12-09 08:26:35 . 2013-12-09 08:26:35 940032 ----a-w- C:\windows\system32\MsSpellCheckingFacility.exe2013-12-09 08:26:35 . 2013-12-09 08:26:35 194048 ----a-w- C:\windows\SysWow64\elshyph.dll2013-12-09 08:26:27 . 2013-12-09 08:26:27 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe2013-12-09 08:26:27 . 2013-12-09 08:26:27 645120 ----a-w- C:\windows\SysWow64\jsIntl.dll2013-12-09 08:26:27 . 2013-12-09 08:26:27 34816 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll2013-12-09 08:26:27 . 2013-12-09 08:26:27 235008 ----a-w- C:\windows\system32\elshyph.dll2013-12-09 08:26:27 . 2013-12-09 08:26:27 182272 ----a-w- C:\windows\SysWow64\msls31.dll2013-12-09 08:26:26 . 2013-12-09 08:26:26 62464 ----a-w- C:\windows\SysWow64\tdc.ocx2013-12-09 08:26:26 . 2013-12-09 08:26:26 337408 ----a-w- C:\windows\SysWow64\html.iec2013-12-09 08:26:26 . 2013-12-09 08:26:26 24576 ----a-w- C:\windows\SysWow64\licmgr10.dll2013-12-09 08:26:26 . 2013-12-09 08:26:26 151552 ----a-w- C:\windows\SysWow64\iexpress.exe2013-12-09 08:26:26 . 2013-12-09 08:26:26 139264 ----a-w- C:\windows\SysWow64\wextract.exe2013-12-09 08:26:26 . 2013-12-09 08:26:26 1051136 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll2013-12-09 08:26:25 . 2013-12-09 08:26:25 86016 ----a-w- C:\windows\SysWow64\iesysprep.dll2013-12-09 08:26:25 . 2013-12-09 08:26:25 74240 ----a-w- C:\windows\SysWow64\SetIEInstalledDate.exe2013-12-09 08:26:25 . 2013-12-09 08:26:25 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll2013-12-09 08:26:25 . 2013-12-09 08:26:25 48640 ----a-w- C:\windows\SysWow64\mshtmler.dll2013-12-09 08:26:25 . 2013-12-09 08:26:25 36352 ----a-w- C:\windows\SysWow64\imgutil.dll2013-12-09 08:26:25 . 
2013-12-09 08:26:25 13312 ----a-w- C:\windows\SysWow64\mshta.exe2013-12-09 08:26:25 . 2013-12-09 08:26:25 111616 ----a-w- C:\windows\SysWow64\IEAdvpack.dll2013-12-09 08:26:24 . 2013-12-09 08:26:24 942592 ----a-w- C:\windows\system32\jsIntl.dll2013-12-09 08:26:24 . 2013-12-09 08:26:24 86016 ----a-w- C:\windows\system32\RegisterIEPKEYs.exe2013-12-09 08:26:24 . 2013-12-09 08:26:24 247808 ----a-w- C:\windows\system32\msls31.dll2013-12-09 08:26:23 . 2013-12-09 08:26:23 90112 ----a-w- C:\windows\system32\SetIEInstalledDate.exe2013-12-09 08:26:23 . 2013-12-09 08:26:23 52224 ----a-w- C:\windows\system32\msfeedsbs.dll2013-12-09 08:26:23 . 2013-12-09 08:26:23 48640 ----a-w- C:\windows\system32\mshtmler.dll2013-12-09 08:26:23 . 2013-12-09 08:26:23 13312 ----a-w- C:\windows\system32\msfeedssync.exe2013-12-09 08:26:23 . 2013-12-09 08:26:23 131072 ----a-w- C:\windows\system32\IEAdvpack.dll2013-12-09 08:26:23 . 2013-12-09 08:26:23 105984 ----a-w- C:\windows\system32\iesysprep.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 84992 ----a-w- C:\windows\system32\mshtmled.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 81408 ----a-w- C:\windows\system32\icardie.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 77312 ----a-w- C:\windows\system32\tdc.ocx2013-12-09 08:26:22 . 2013-12-09 08:26:22 616104 ----a-w- C:\windows\system32\ieapfltr.dat2013-12-09 08:26:22 . 2013-12-09 08:26:22 453120 ----a-w- C:\windows\system32\dxtmsft.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 413696 ----a-w- C:\windows\system32\html.iec2013-12-09 08:26:22 . 2013-12-09 08:26:22 40448 ----a-w- C:\windows\system32\JavaScriptCollectionAgent.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 30208 ----a-w- C:\windows\system32\licmgr10.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 296960 ----a-w- C:\windows\system32\dxtrans.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 263376 ----a-w- C:\windows\system32\iedkcs32.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 243200 ----a-w- C:\windows\system32\webcheck.dll2013-12-09 08:26:22 . 
2013-12-09 08:26:22 235520 ----a-w- C:\windows\system32\url.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 167424 ----a-w- C:\windows\system32\iexpress.exe2013-12-09 08:26:22 . 2013-12-09 08:26:22 143872 ----a-w- C:\windows\system32\wextract.exe2013-12-09 08:26:22 . 2013-12-09 08:26:22 1228800 ----a-w- C:\windows\system32\mshtmlmedia.dll2013-12-09 08:26:22 . 2013-12-09 08:26:22 101376 ----a-w- C:\windows\system32\inseng.dll2013-12-09 08:26:21 . 2013-12-09 08:26:21 83968 ----a-w- C:\windows\system32\MshtmlDac.dll2013-12-09 08:26:21 . 2013-12-09 08:26:21 774144 ----a-w- C:\windows\system32\jscript.dll2013-12-09 08:26:21 . 2013-12-09 08:26:21 62464 ----a-w- C:\windows\system32\pngfilt.dll2013-12-09 08:26:21 . 2013-12-09 08:26:21 48128 ----a-w- C:\windows\system32\imgutil.dll2013-12-09 08:26:21 . 2013-12-09 08:26:21 147968 ----a-w- C:\windows\system32\occache.dll2013-12-09 08:26:21 . 2013-12-09 08:26:21 13824 ----a-w- C:\windows\system32\mshta.exe2013-12-09 08:26:21 . 2013-12-09 08:26:21 135680 ----a-w- C:\windows\system32\iepeers.dll2013-11-27 01:41:37 . 2014-01-15 12:47:55 343040 ----a-w- C:\windows\system32\drivers\usbhub.sys2013-11-27 01:41:15 . 2014-01-15 12:47:55 99840 ----a-w- C:\windows\system32\drivers\usbccgp.sys2013-11-27 01:41:11 . 2014-01-15 12:47:55 53248 ----a-w- C:\windows\system32\drivers\usbehci.sys2013-11-27 01:41:11 . 2014-01-15 12:47:55 325120 ----a-w- C:\windows\system32\drivers\usbport.sys2013-11-27 01:41:09 . 2014-01-15 12:47:55 25600 ----a-w- C:\windows\system32\drivers\usbohci.sys2013-11-27 01:41:06 . 2014-01-15 12:47:55 30720 ----a-w- C:\windows\system32\drivers\usbuhci.sys2013-11-27 01:41:03 . 2014-01-15 12:47:55 7808 ----a-w- C:\windows\system32\drivers\usbd.sys2013-11-26 11:40:00 . 2014-01-15 12:47:53 376768 ----a-w- C:\windows\system32\drivers\netio.sys2013-11-26 10:32:56 . 
2014-01-15 12:47:54 3156480 ----a-w- C:\windows\system32\win32k.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{65c72339-fb1d-4155-84e1-9afacee02d6f}"= "C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll" [bU]"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "C:\Users\Kim\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2013-01-29 18:42:12 2572664] [HKEY_CLASSES_ROOT\clsid\{65c72339-fb1d-4155-84e1-9afacee02d6f}] [HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}][HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3][HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}][HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 21:07:20 2260480]"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-01-10 20:06:50 3362336] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 18:45:54 1295736]"TWebCamera"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 19:37:50 2446648]"NortonOnlineBackupReminder"="C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 06:30:54 529256]"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 13:33:24 240112]"CPMonitor"="C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 16:50:02 84464]"Desktop Disc Tool"="C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 06:18:52 494064]"BCSSync"="C:\Program Files (x86)\Microsoft 
Office\Office14\BCSSync.exe" [2012-11-05 20:27:46 89184]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-11-29 22:38:18 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 19:33:40 421160]
"Nikon Message Center 2"="C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 00:16:16 619008]
"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-06 18:30:16 195072]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 16:57:26 959904]
"ShopAtHomeWatcher"="C:\Users\Kim\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2013-01-29 18:42:20 119672]
"CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 17:26:14 1273448]
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 21:35:16 449168]
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-01-10 20:06:50 3362336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAyADYANgAyADIAMgA5ADcALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNACsAMQAtAEYAOQBNADcAQQArADUALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADQA&prod=90&ver=9.0.872" [?]
C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk - C:\Users\Kim\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0) R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 CouponXplorer_5zService;CouponXplorerService;C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe;C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [x]R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\system32\DRIVERS\motfilt.sys;C:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\system32\IEEtwCollector.exe;C:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys;C:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys;C:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver 
Service;C:\windows\system32\DRIVERS\Motousbnet.sys;C:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;C:\windows\system32\DRIVERS\motusbdevice.sys;C:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys;C:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 RtsUIR;Realtek IR Driver;C:\windows\system32\DRIVERS\Rts516xIR.sys;C:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys;C:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys;C:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe;C:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys;C:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]S0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys;C:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS;C:\windows\SYSNATIVE\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS;C:\windows\SYSNATIVE\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]S0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys;C:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]S1 
BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]S1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys;C:\windows\SYSNATIVE\drivers\N360x64\0404000.00C\ccHPx64.sys [x]S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20140220.001\IDSvia64.sys;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20140220.001\IDSvia64.sys [x]S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS;C:\windows\SYSNATIVE\drivers\N360x64\0404000.00C\Ironx64.SYS [x]S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS;C:\windows\SYSNATIVE\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]S2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]S2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [x]S2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe;C:\Program Files 
(x86)\Motorola\MotoConnectService\MotoConnectService.exe [x]S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [x]S2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [x]S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe;C:\Program Files\TOSHIBA\TECO\TecoService.exe [x]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys;C:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys;C:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys;C:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys;C:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys;C:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]S3 TPCHSrv;TPCH Service;C:\Program 
Files\TOSHIBA\TPHM\TPCHSrv.exe;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [x] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-02-21 05:05:18 1150280 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe Contents of the 'Scheduled Tasks' folder 2014-02-21 C:\windows\Tasks\Adobe Flash Player Updater.job- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 19:39:12 . 2014-02-21 19:43:23] 2014-02-21 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 21:19:19 . 2010-02-09 21:19:11] 2014-02-21 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 21:19:19 . 2010-02-09 21:19:11] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="C:\windows\system32\igfxtray.exe" [2009-09-02 22:27:38 165912]"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2009-09-02 22:27:26 387608]"Persistence"="C:\windows\system32\igfxpers.exe" [2009-09-02 22:27:32 365592]"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 05:14:20 7982112]"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"TPwrMain"="C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]"SmoothView"="C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]"00TCrdMain"="C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]"TosWaitSrv"="C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2008-09-25 23:49:00 195080]"Teco"="C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" [bU]"SmartFaceVWatcher"="C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 19:41:54 709976]"TosNC"="C:\Program Files 
(x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]"TosReelTimeMonitor"="C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] ------- Supplementary Scan ------- uLocal Page = C:\windows\system32\blank.htmmLocal Page = C:\Windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.comIE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105Trusted Zone: cinemanow.comTrusted Zone: qflix.comTrusted Zone: roxio.comTrusted Zone: sonic.com\redirectTrusted Zone: sonic.com\redirect2TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}\3464340275962756C6563737: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}\452554E444E65647: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}\D4B46502237383: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}\D4F6F6275684F6D65623031323: NameServer = 8.8.8.8,8.8.4.4 - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file)AddRemove-Coupon Printer for Windows5.0.0.1 - C:\Program Files (x86)\Coupons\uninstall.exe
  9. Gringo, Finally ran and here is the log.
ComboFix 14-02-20.01 - Kim 02/21/2014 13:56:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2510 [GMT -5:00]
Running from: c:\users\Kim\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\B4E8.tmp
c:\programdata\Microsoft\Windows\DRM\CCB6.tmp
c:\users\Kim\videos\JavaSetup6u23.exe
c:\users\Kim\videos\mbam-setup.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-01-21 to 2014-02-21 )))))))))))))))))))))))))))))))
.
.
2014-02-21 19:08 . 2014-02-21 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-21 19:08 . 2014-02-21 19:08 -------- d-----w- c:\users\dad\AppData\Local\temp
2014-02-21 16:21 . 2014-02-21 16:21 -------- d-----w- c:\windows\ERUNT
2014-02-21 16:10 . 2014-02-21 16:13 -------- d-----w- C:\AdwCleaner
2014-02-12 00:38 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 00:38 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-11 18:56 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-08 17:57 . 2014-02-08 17:58 -------- d-----w- c:\programdata\FitbitConnect
2014-02-08 17:57 . 2014-02-08 17:58 -------- d-----w- c:\program files (x86)\Fitbit Connect
2014-02-07 16:36 . 2014-02-07 16:36 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 18:43 . 2012-08-30 19:39 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 18:43 .
2011-11-10 11:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-02-16 14:42 . 2010-02-23 01:01 88567024 ----a-w- c:\windows\system32\MRT.exe2013-12-09 08:26 . 2013-12-09 08:26 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-12-09 08:26 . 2013-12-09 08:26 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2013-12-09 08:26 . 2013-12-09 08:26 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-12-09 08:26 . 2013-12-09 08:26 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2013-12-09 08:26 . 2013-12-09 08:26 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2013-12-09 08:26 . 2013-12-09 08:26 235008 ----a-w- c:\windows\system32\elshyph.dll2013-12-09 08:26 . 2013-12-09 08:26 182272 ----a-w- c:\windows\SysWow64\msls31.dll2013-12-09 08:26 . 2013-12-09 08:26 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2013-12-09 08:26 . 2013-12-09 08:26 337408 ----a-w- c:\windows\SysWow64\html.iec2013-12-09 08:26 . 2013-12-09 08:26 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-12-09 08:26 . 2013-12-09 08:26 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2013-12-09 08:26 . 2013-12-09 08:26 139264 ----a-w- c:\windows\SysWow64\wextract.exe2013-12-09 08:26 . 2013-12-09 08:26 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-12-09 08:26 . 2013-12-09 08:26 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-12-09 08:26 . 2013-12-09 08:26 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-12-09 08:26 . 2013-12-09 08:26 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2013-12-09 08:26 . 2013-12-09 08:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-12-09 08:26 . 2013-12-09 08:26 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2013-12-09 08:26 . 2013-12-09 08:26 13312 ----a-w- c:\windows\SysWow64\mshta.exe2013-12-09 08:26 . 2013-12-09 08:26 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-12-09 08:26 . 2013-12-09 08:26 942592 ----a-w- c:\windows\system32\jsIntl.dll2013-12-09 08:26 . 
2013-12-09 08:26 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-12-09 08:26 . 2013-12-09 08:26 247808 ----a-w- c:\windows\system32\msls31.dll2013-12-09 08:26 . 2013-12-09 08:26 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-12-09 08:26 . 2013-12-09 08:26 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-12-09 08:26 . 2013-12-09 08:26 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-12-09 08:26 . 2013-12-09 08:26 13312 ----a-w- c:\windows\system32\msfeedssync.exe2013-12-09 08:26 . 2013-12-09 08:26 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2013-12-09 08:26 . 2013-12-09 08:26 105984 ----a-w- c:\windows\system32\iesysprep.dll2013-12-09 08:26 . 2013-12-09 08:26 84992 ----a-w- c:\windows\system32\mshtmled.dll2013-12-09 08:26 . 2013-12-09 08:26 81408 ----a-w- c:\windows\system32\icardie.dll2013-12-09 08:26 . 2013-12-09 08:26 77312 ----a-w- c:\windows\system32\tdc.ocx2013-12-09 08:26 . 2013-12-09 08:26 616104 ----a-w- c:\windows\system32\ieapfltr.dat2013-12-09 08:26 . 2013-12-09 08:26 453120 ----a-w- c:\windows\system32\dxtmsft.dll2013-12-09 08:26 . 2013-12-09 08:26 413696 ----a-w- c:\windows\system32\html.iec2013-12-09 08:26 . 2013-12-09 08:26 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2013-12-09 08:26 . 2013-12-09 08:26 30208 ----a-w- c:\windows\system32\licmgr10.dll2013-12-09 08:26 . 2013-12-09 08:26 296960 ----a-w- c:\windows\system32\dxtrans.dll2013-12-09 08:26 . 2013-12-09 08:26 263376 ----a-w- c:\windows\system32\iedkcs32.dll2013-12-09 08:26 . 2013-12-09 08:26 243200 ----a-w- c:\windows\system32\webcheck.dll2013-12-09 08:26 . 2013-12-09 08:26 235520 ----a-w- c:\windows\system32\url.dll2013-12-09 08:26 . 2013-12-09 08:26 167424 ----a-w- c:\windows\system32\iexpress.exe2013-12-09 08:26 . 2013-12-09 08:26 143872 ----a-w- c:\windows\system32\wextract.exe2013-12-09 08:26 . 2013-12-09 08:26 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-12-09 08:26 . 
2013-12-09 08:26 101376 ----a-w- c:\windows\system32\inseng.dll2013-12-09 08:26 . 2013-12-09 08:26 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2013-12-09 08:26 . 2013-12-09 08:26 774144 ----a-w- c:\windows\system32\jscript.dll2013-12-09 08:26 . 2013-12-09 08:26 62464 ----a-w- c:\windows\system32\pngfilt.dll2013-12-09 08:26 . 2013-12-09 08:26 48128 ----a-w- c:\windows\system32\imgutil.dll2013-12-09 08:26 . 2013-12-09 08:26 147968 ----a-w- c:\windows\system32\occache.dll2013-12-09 08:26 . 2013-12-09 08:26 13824 ----a-w- c:\windows\system32\mshta.exe2013-12-09 08:26 . 2013-12-09 08:26 135680 ----a-w- c:\windows\system32\iepeers.dll2013-11-27 01:41 . 2014-01-15 12:47 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-11-27 01:41 . 2014-01-15 12:47 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-11-27 01:41 . 2014-01-15 12:47 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-11-27 01:41 . 2014-01-15 12:47 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-11-27 01:41 . 2014-01-15 12:47 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-11-27 01:41 . 2014-01-15 12:47 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-11-27 01:41 . 2014-01-15 12:47 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-11-26 11:40 . 2014-01-15 12:47 376768 ----a-w- c:\windows\system32\drivers\netio.sys2013-11-26 10:32 . 
2014-01-15 12:47 3156480 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\Kim\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2013-01-29 2572664].[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}][HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3][HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}][HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-01-10 3362336].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]"CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]"Desktop Disc Tool"="c:\program files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]"Nikon Message Center 2"="c:\program files 
(x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-06 195072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"ShopAtHomeWatcher"="c:\users\Kim\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2013-01-29 119672]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-01-10 3362336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANAAyADYANgAyADIAMgA5ADcALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAEYAOQBNACsAMQAtAEYAOQBNADcAQQArADUALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADQA&prod=90&ver=9.0.872" [?]
.
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk - c:\users\Kim\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2
CouponXplorer_5zService;CouponXplorerService;c:\progra~2\COUPON~2\bar\1.bin\5zbarsvc.exe;c:\progra~2\COUPON~2\bar\1.bin\5zbarsvc.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\0404000.00C\ccHPx64.sys [x]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20140220.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20140220.001\IDSvia64.sys [x]S1 SymIRON;Symantec Iron 
Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\0404000.00C\Ironx64.SYS [x]S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [x]S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [x]S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe;c:\program files\TOSHIBA\rselect\RSelSvc.exe [x]S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]S2 
TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
      S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
      S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
      S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
      S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
      S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
      S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
      S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2014-02-21 05:05 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2014-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 18:43]
      .
      2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 21:19]
      .
      2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-09 21:19]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
      "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
      "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
      IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
      Trusted Zone: cinemanow.com
      Trusted Zone: qflix.com
      Trusted Zone: roxio.com
      Trusted Zone: sonic.com\redirect
      Trusted Zone: sonic.com\redirect2
      TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
      TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}: NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}\3464340275962756C6563737: NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}\452554E444E65647: NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}\D4B46502237383: NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{F451319F-CA52-4D3E-9915-9D90ED80171B}\D4F6F6275684F6D65623031323: NameServer = 8.8.8.8,8.8.4.4
      .
      - - - - ORPHANS REMOVED - - - -
      .
      URLSearchHooks-{3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - (no file)
      Toolbar-Locked - (no file)
      Toolbar-{65c72339-fb1d-4155-84e1-9afacee02d6f} - c:\program files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
      Wow6432Node-HKCU-Run-swg - c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      Wow6432Node-HKCU-Run-CrashDumps - c:\users\Kim\AppData\Local\Facebook\CrashDumps\htgfrawqc.dll
      SafeBoot-12776421.sys
      HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
      Toolbar-Locked - (no file)
      WebBrowser-{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - (no file)
      HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
      HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
      HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
      HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
      HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
      HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
      HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
      HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
      HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
      AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
      "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.Email.1"
      .
      [HKEY_USERS\S-1-5-21-2631828835-1692535062-918339071-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="WindowsLiveMail.VCard.1"
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000b5
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2014-02-21 14:11:42
      ComboFix-quarantined-files.txt 2014-02-21 19:11
      .
      Pre-Run: 223,048,683,520 bytes free
      Post-Run: 222,755,631,104 bytes free
      .
      - - End Of File - - 7F12FDBC98C91AE52F8436837590234D5B5E648D12FCADC244C1EC30318E1EB9
  10. I have restarted the computer 5 times and Norton has been disabled each time, tried running as an administrator. It gets all the way through extraction and just before the end the computer dings and the program appears to shut down.
  11. I am in the process of running ComboFix--not sure what it is doing at this time. It extracted and appeared to begin, then I got a popup that said c:\program files\toshiba HDD SDD Alert\TosSENotify.Exe Illegal Operation attempted on a registry key that has been marked for deletion. Then ComboFix appeared to shut down. I do not see any program that appears to be running, unless it is running in the background.
  12. Gringo. Forgot to put how we are running. Much better--still appears a little slow and I get a run dll error on start up with a problem starting ...appdata/local/facebook/crashdumps/htgfrawgc.dll Specific module cannot be found. Thanks.
  13. Thanks Gringo for the help. Here are the logs you requested.

      # AdwCleaner v3.019 - Report created 21/02/2014 at 11:12:59
      # Updated 17/02/2014 by Xplode
      # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Username : Kim - KIM-PC
      # Running from : C:\Users\Kim\Downloads\AdwCleaner.exe
      # Option : Clean

      ***** [ Services ] *****

      ***** [ Files / Folders ] *****

      Folder Deleted : C:\ProgramData\Ask
      Folder Deleted : C:\ProgramData\Partner
      Folder Deleted : C:\Program Files (x86)\Conduit
      Folder Deleted : C:\Program Files (x86)\CouponXplorer_5z
      Folder Deleted : C:\Program Files (x86)\FilmFanaticEI
      Folder Deleted : C:\Program Files (x86)\Coupons.com
      Folder Deleted : C:\Users\Kim\AppData\Local\CouponXplorer_5z
      Folder Deleted : C:\Users\Kim\AppData\LocalLow\Conduit
      Folder Deleted : C:\Users\Kim\AppData\LocalLow\CouponXplorer_5z
      Folder Deleted : C:\Users\Kim\AppData\LocalLow\iac
      Folder Deleted : C:\Users\Kim\AppData\LocalLow\Coupons.com
      Folder Deleted : C:\Users\dad\AppData\LocalLow\AskToolbar
      Folder Deleted : C:\Users\dad\AppData\LocalLow\Conduit
      Folder Deleted : C:\Users\dad\AppData\LocalLow\Coupons.com

      ***** [ Shortcuts ] *****

      ***** [ Registry ] *****

      Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
      Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
      Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
      Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
      Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
      Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
      Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2399412
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B695AD7-F21E-4A85-A54A-79B270068E0C}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37153479-1976-43C3-A1EE-557513977B64}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37153479-1976-43C3-A1EE-557513977B64}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B695AD7-F21E-4A85-A54A-79B270068E0C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37153479-1976-43C3-A1EE-557513977B64}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B695AD7-F21E-4A85-A54A-79B270068E0C}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D6712BB-D50E-49CB-A5B3-18F2A47DC117}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37153479-1976-43C3-A1EE-557513977B64}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37153479-1976-43C3-A1EE-557513977B64}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9B138BF3-1D40-4E7E-84BB-2975198AD938}]
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
      Key Deleted : HKCU\Software\YahooPartnerToolbar
      Key Deleted : HKCU\Software\AppDataLow\Toolbar
      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
      Key Deleted : HKCU\Software\AppDataLow\Software\Coupons.com
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\Software\Coupons.com
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupons.com Toolbar

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.16518

      -\\ Mozilla Firefox v

      [ File : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\zqm59rzq.default\prefs.js ]
      Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
      Line Deleted : user_pref("browser.search.order.1", "Ask.com");
      Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
      Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
      Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

      [ File : C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\z9aadgzf.default\prefs.js ]
      Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
      Line Deleted : user_pref("browser.search.order.1", "Ask.com");
      Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
      Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
      Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

      -\\ Google Chrome v33.0.1750.117

      [ File : C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\preferences ]
      [ File : C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\preferences ]

      *************************

      AdwCleaner[R0].txt - [10259 octets] - [21/02/2014 11:10:32]
      AdwCleaner[s0].txt - [10225 octets] - [21/02/2014 11:12:59]

      ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10286 octets] ##########

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.2 (02.20.2014:1)
      OS: Windows 7 Home Premium x64
      Ran by Kim on 02/21/2014 at 11:21:16.89
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

      Value Name Type Value Data
      ========================================================================================
      CrashDumps REG_SZ rundll32.exe "C:\Users\Kim\AppData\Local\Facebook\CrashDumps\htgfrawqc.dll",RANDOMW

      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{44DDC005-AE20-4611-A308-9172622B3BC2}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C00FB5F-A002-4966-8B3E-DC1A46DD1E2B}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}
      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}

      ~~~ Files

      ~~~ Folders

      Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
      Successfully deleted: [Empty Folder] C:\Users\Kim\appdata\local\{00DDF4D9-9888-46DC-B371-C30DA4A6C6D4}
C:\Users\Kim\appdata\local\{FF85B938-1719-4C16-873F-9E9E0AB80CEC}

~~~ Chrome

Dumping contents of C:\Users\Kim\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Kim\appdata\local\Google\Chrome\User Data\Default\Default\aadadiggdhgggcgbdddadegddeggggdf
C:\Users\Kim\appdata\local\Google\Chrome\User Data\Default\Default\aadadiggdhgggcgbdddadegddeggggdf\manifest.json

Successfully deleted: [Folder] C:\Users\Kim\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/21/2014 at 11:56:58.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  14. Hello, This is the wife's computer and she is saying the computer is very slow and has random popups. I ran Malwarebytes and ESET online and have the ESET log if needed. ESET had about 10 things including Conduit. Attached are the requested logs. Thanks, Dean
9.0.30729.6161Microsoft WorksMicrosoft Zoo TycoonMonopolyMotoConnectMotorola Driver Installation 4.6.0Move Media PlayerMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Mystery P.I. - The Vegas HeistNetwork Recording PlayerNetZero LauncherNikon Message Center 2Norton Security SuiteOverDrive Media ConsolePicture Control UtilityPlayReady PC Runtime amd64Polar BowlerQuickbooks Financial CenterQuickTimeREA's TESTware for CLEP Western Civilization IREA's TESTware for the CLEP Analyzing and Interpreting LiteratureREA's TESTware for the CLEP SociologyRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealtek USB 2.0 Card ReaderRealtek WLAN DriverRoxio Activation ModuleRoxio BurnRoxio Burn ManagerRoxio Burn Manager CDBRoxio CinePlayerRoxio CinePlayer Decoder PackRoxio Creator 2009 Special EditionRoxio Creator 2010 ContentRoxio Creator 2010 Special EditionRoxio PhotoShowRoxio VenueRoxio Video Capture USBScrabble PlusSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553284) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2850016) 32-Bit EditionService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit EditionShopAtHome.com HelperShopAtHome.com ToolbarSkype LauncherSkype™ 5.10SmartSound Quicktracks PluginSpelling Dictionaries Support For Adobe Reader 9Spybot - Search & DestroySynaptics Pointing Device DriverTimez AttackTOSHIBA Application InstallerTOSHIBA AssistTOSHIBA Bulletin BoardTOSHIBA ConfigFreeTOSHIBA Disc CreatorTOSHIBA DVD PLAYERTOSHIBA eco UtilityTOSHIBA Extended Tiles for Windows Mobility CenterTOSHIBA Face RecognitionTOSHIBA Hardware SetupTOSHIBA HDD/SSD AlertTOSHIBA Internal Modem Region Select UtilityTOSHIBA Media ControllerToshiba Online BackupTOSHIBA PC Health MonitorTOSHIBA Quality ApplicationTOSHIBA Recovery Media CreatorTOSHIBA ReelTimeTOSHIBA Service StationTOSHIBA Software ModemTOSHIBA Speech System ApplicationsTOSHIBA Speech System SR Engine(U.S.) 
Version1.0TOSHIBA Speech System TTS Engine(U.S.) Version1.0TOSHIBA Supervisor PasswordTOSHIBA Value Added PackageTOSHIBA Web Camera ApplicationToshibaRegistrationUnity Web PlayerUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Access 2010 (KB2553446) 32-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit EditionUpdate for Microsoft InfoPath 2010 (KB2817369) 32-Bit EditionUpdate for Microsoft InfoPath 2010 (KB2817396) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2589298) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589352) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597087) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2837583) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2850079) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2837595) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687567) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2775360) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit EditionUpdate for Microsoft Word 2010 (KB2837593) 32-Bit EditionUpdate Installer for WildTangent Games AppVD64InstVirtual FamiliesVirtual Villagers - The Secret CityVisual C++ 8.0 Runtime Setup Package (x64)VLC media player 1.1.11WildTangent 
GamesWildTangent Games AppWildTangent Games App (Toshiba Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Product Key Finder Pro® 2.3.==== Event Viewer Messages From Past Week ========.02/20/2014 9:26:18 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.02/20/2014 9:26:18 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.02/19/2014 9:24:12 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Kim-pc\Kim SID (S-1-5-21-2631828835-1692535062-918339071-1001) from address LocalHost (Using LRPC). 
This security permission can be modified using the Component Services administrative tool.
02/19/2014 9:24:12 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Kim-pc\Kim SID (S-1-5-21-2631828835-1692535062-918339071-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
02/17/2014 8:57:48 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
02/17/2014 12:59:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
02/17/2014 12:58:44 PM, Error: Service Control Manager [7000] - The CouponXplorerService service failed to start due to the following error: The system cannot find the file specified.
02/17/2014 12:54:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
02/17/2014 10:09:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
02/16/2014 12:15:03 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume movies.
02/16/2014 12:15:03 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
02/16/2014 12:01:29 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
02/16/2014 11:59:41 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
  15. Many, Many, Thanks. Appreciate how fast you were on responses. Anyone else reading this I would highly Recommend Mr.C . Thanks Again.

  16. MrCharlie, I noticed the Malwarebytes after I hit the sent. Here is the log and also the security log. Thanks, Dean

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Dean :: DAD-PC [administrator]

2/18/2014 7:10:08 PM
mbam-log-2014-02-18 (19-10-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259496
Time elapsed: 13 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.44 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (27.0.1)
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
  17. MrCharlie, Attached are the logs after the tasks above were completed. The computer is running much faster now and the internet comes on again with no delay. Thanks.

RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dean [Admin rights]
Mode : Scan -- Date : 02/18/2014 18:59:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3255GSX ATA Device +++++
--- User ---
[MBR] 65c4b937a463004e9f20900d505ca31d
[bSP] c89859bf5fea8b50d97d3a12fca46979 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292665 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 599379968 | Size: 12576 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02182014_185940.txt >>
RKreport[0]_D_02182014_123511.txt;RKreport[0]_S_02182014_100204.txt;RKreport[0]_S_02182014_122146.txt
RKreport[0]_S_02182014_130054.txt;RKreport[0]_S_02182014_185727.txt

# AdwCleaner v3.019 - Report created 18/02/2014 at 19:02:56
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dean - DAD-PC
# Running from : C:\Users\Dean\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Dean\AppData\LocalLow\boost_interprocess
File Deleted : C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\13r8ul70.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\uqt5zcqf.default\prefs.js ]

[ File : C:\Users\Kelsey\AppData\Roaming\Mozilla\Firefox\Profiles\13r8ul70.default\prefs.js ]

Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112050&tt=010712_5");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "4cd25b84000000000000001e650eb85f");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "4cd25b84000000000000001e650eb85f");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15523");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:52:04");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v

[ File : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [4499 octets] - [18/02/2014 19:01:47]
AdwCleaner[s0].txt - [4066 octets] - [18/02/2014 19:02:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4126 octets] ##########
  18. About the proxy--I had to set up a proxy a couple years ago. Currently my settings in my computer are set to "NO PROXY". Here is the log from the ComboFix. Thanks..

ComboFix 14-02-18.01 - Dean 02/18/2014 16:27:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1917 [GMT -5:00]
Running from: c:\users\Dean\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Dean\AppData\Roaming\Desktopicon
c:\users\Dean\Documents\~WRL0614.tmp
c:\users\Dean\Documents\~WRL1016.tmp
c:\users\Dean\Documents\~WRL1725.tmp
c:\users\Dean\Documents\~WRL1761.tmp
c:\users\Dean\Documents\~WRL3279.tmp
c:\users\Dean\Documents\~WRL3511.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-01-18 to 2014-02-18 )))))))))))))))))))))))))))))))
.
.
2014-02-18 21:36 . 2014-02-18 21:36 -------- d-----w- c:\users\Kelsey\AppData\Local\temp
2014-02-18 21:36 . 2014-02-18 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-16 12:35 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-16 12:35 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 21:34 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 21:34 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 21:34 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 21:34 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-07 18:41 . 2014-02-07 18:42 -------- d-----w- c:\windows\SysWow64\C2MP
2014-02-07 15:33 . 
2014-02-07 15:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-02-07 15:32 . 2014-02-07 15:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
"SunJavaUpdateSched"="c:\program files (x86)\Common 
Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-8-29 48200] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_Dlls"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [x] R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x] R3 
motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x] R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys;c:\windows\SYSNATIVE\DRIVERS\motport.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x] R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 SymDS;Symantec Data 
Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [x] S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140217.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140217.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x] S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [x] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe;c:\program files (x86)\SMINST\BLService.exe [x] S3 
CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 76688812 *Deregistered* - 76688812 *Deregistered* - AvgTdiA . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-01-22 15:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2014-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 14:50] . 2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 00:28] . 2014-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-04 00:28] . 
2014-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1318318006-2019795328-90524039-1000Core.job - c:\users\Dean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 09:45] . 2014-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1318318006-2019795328-90524039-1000UA.job - c:\users\Dean\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 09:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 127.0.0.1:7212 uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.* IE: Convert link target to Adobe PDF IE: Convert link target to existing PDF IE: Convert selected links to Adobe PDF IE: Convert selected links to existing PDF IE: Convert selection to Adobe PDF IE: Convert selection to existing PDF IE: Convert to Adobe PDF IE: Convert to existing PDF Trusted Zone: cinemanow.com Trusted Zone: qflix.com Trusted Zone: roxio.com Trusted Zone: skillport.com Trusted Zone: skillwsa.com Trusted Zone: sonic.com\redirect Trusted Zone: sonic.com\redirect2 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 FF - ProfilePath - c:\users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\uqt5zcqf.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: network.proxy.socks - 127.0.0.1 FF - prefs.js: network.proxy.socks_port - 9050 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2010-01-06 12:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . 
SafeBoot-76688812.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Dean\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18;c:\program files (x86)\Norton Security Suite\Engine64\21.1.0.18" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1] @="131473" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-02-18 16:40:11 ComboFix-quarantined-files.txt 2014-02-18 21:40 . Pre-Run: 42,417,704,960 bytes free Post-Run: 42,332,844,032 bytes free . - - End Of File - - 7029171DC52908F747AF3B2AE8A8C550 A36C5E4F47E84449FF07ED3517B43A31
  19. I performed the tasks requested and the [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:7212 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND is under the proxy tab. Not sure if and how to delete this. The Kaspersky scan did not find anything and the 2 logs along with the new RK log are attached. Thanks
      RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Dean [Admin rights]
      Mode : Scan -- Date : 02/18/2014 13:00:54
      | ARK || FAK || MBR |
      ¤¤¤ Bad processes : 1 ¤¤¤
      [sUSP PATH] {933F53D6-9285-48F7-AB63-45818E0757C5}.exe -- C:\Users\Dean\AppData\Local\Temp\{933F53D6-9285-48F7-AB63-45818E0757C5}.exe [7] -> KILLED [TermThr]
      ¤¤¤ Registry Entries : 8 ¤¤¤
      [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:7212 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
      [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Scheduled tasks : 0 ¤¤¤
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Browser Addons : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      127.0.0.1 localhost
      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 008i.com
      127.0.0.1 www.008k.com
      127.0.0.1 008k.com
      127.0.0.1 www.00hq.com
      127.0.0.1 00hq.com
      127.0.0.1 010402.com
      127.0.0.1 www.032439.com
      127.0.0.1 032439.com
      127.0.0.1 www.0scan.com
      127.0.0.1 0scan.com
      127.0.0.1 1000gratisproben.com
      127.0.0.1 www.1000gratisproben.com
      127.0.0.1 1001namen.com
      127.0.0.1 www.1001namen.com
      127.0.0.1 100888290cs.com
      127.0.0.1 www.100888290cs.com
      127.0.0.1 www.100sexlinks.com
      [...]
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3255GSX ATA Device +++++
      --- User ---
      [MBR] 65c4b937a463004e9f20900d505ca31d
      [bSP] c89859bf5fea8b50d97d3a12fca46979 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292665 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 599379968 | Size: 12576 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[0]_S_02182014_130054.txt >>
      RKreport[0]_D_02182014_123511.txt;RKreport[0]_S_02182014_100204.txt;RKreport[0]_S_02182014_122146.txt
      12:36:30.0169 0x1568 TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
      12:36:37.0447 0x1568 ============================================================
      12:36:37.0447 0x1568 Current date / time: 2014/02/18 12:36:37.0447
      12:36:37.0447 0x1568 SystemInfo:
      12:36:37.0447 0x1568
      12:36:37.0447 0x1568 OS Version: 6.1.7601 ServicePack: 1.0
      12:36:37.0447 0x1568 Product type: Workstation
      12:36:37.0447 0x1568 ComputerName: DAD-PC
      12:36:37.0448 0x1568 UserName: Dean
      12:36:37.0448 0x1568 Windows directory: C:\Windows
      12:36:37.0448 0x1568 System windows directory: C:\Windows
      12:36:37.0448 0x1568 Running under WOW64
      12:36:37.0448 0x1568 Processor architecture: Intel x64
      12:36:37.0448 0x1568 Number of processors: 2
      12:36:37.0448 0x1568 Page size: 0x1000
      12:36:37.0448 0x1568 Boot type: Normal boot
      12:36:37.0448 0x1568 ============================================================
      12:36:40.0481 0x1568 KLMD registered as C:\Windows\system32\drivers\03985395.sys
      12:36:40.0748 0x1568 System UUID: {96C64C7B-426B-01FD-652C-2AE27D50DD6E}
      12:36:41.0749 0x1568 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x13135, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x7F, Type 'K0', Flags 0x00000040
      12:36:41.0759 0x1568 ============================================================
      12:36:41.0759 0x1568 \Device\Harddisk0\DR0:
      12:36:41.0759 0x1568 MBR partitions:
      12:36:41.0759 0x1568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23B9C800
      12:36:41.0759 0x1568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23B9D000, BlocksNum 0x1890000
      12:36:41.0759 0x1568 ============================================================
      12:36:41.0790 0x1568 C: <-> \Device\Harddisk0\DR0\Partition1
      12:36:41.0842 0x1568 D: <-> \Device\Harddisk0\DR0\Partition2
      12:36:41.0843 0x1568 ============================================================
      12:36:41.0843 0x1568 Initialize success
      12:36:41.0843 0x1568 ============================================================
      12:37:46.0118 0x0b20 KLMD registered as C:\Windows\system32\drivers\46658497.sys
      12:37:47.0945 0x0b20 Deinitialize success
      TDSSKiller.3.0.0.23_18.02.2014_12.40.25_log.txt
  20. MrCharlie, Thank you for the help. Here is the info you requested:
      RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Dean [Admin rights]
      Mode : Scan -- Date : 02/18/2014 10:02:04
      | ARK || FAK || MBR |
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 10 ¤¤¤
      [RUN][sUSP PATH] HKUS\.DEFAULT\[...]\Run : QNB2EB90WX (C:\Windows\TEMP\Nv0.exe [x]) -> FOUND
      [RUN][sUSP PATH] HKUS\S-1-5-18\[...]\Run : QNB2EB90WX (C:\Windows\TEMP\Nv0.exe [x]) -> FOUND
      [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:7212 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
      [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
      [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Scheduled tasks : 22 ¤¤¤
      [V1][sUSP PATH] At1.job : C:\Users\Dean\AppData\Local\Temp\tbmain.exe [x] -> FOUND
      [V1][sUSP PATH] At10.job : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V1][sUSP PATH] At11.job : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V1][sUSP PATH] At2.job : C:\Users\Dean\AppData\Local\Temp\tbmain.exe [x] -> FOUND
      [V1][sUSP PATH] At3.job : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V1][sUSP PATH] At4.job : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V1][sUSP PATH] At5.job : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V1][sUSP PATH] At6.job : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V1][sUSP PATH] At7.job : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V1][sUSP PATH] At8.job : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V1][sUSP PATH] At9.job : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V2][sUSP PATH] At1 : C:\Users\Dean\AppData\Local\Temp\tbmain.exe [x] -> FOUND
      [V2][sUSP PATH] At10 : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V2][sUSP PATH] At11 : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V2][sUSP PATH] At2 : C:\Users\Dean\AppData\Local\Temp\tbmain.exe [x] -> FOUND
      [V2][sUSP PATH] At3 : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V2][sUSP PATH] At4 : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V2][sUSP PATH] At5 : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V2][sUSP PATH] At6 : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V2][sUSP PATH] At7 : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V2][sUSP PATH] At8 : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      [V2][sUSP PATH] At9 : C:\Windows\TEMP\esentutlb.exe [x] -> FOUND
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Browser Addons : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      127.0.0.1 localhost
      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 008i.com
      127.0.0.1 www.008k.com
      127.0.0.1 008k.com
      127.0.0.1 www.00hq.com
      127.0.0.1 00hq.com
      127.0.0.1 010402.com
      127.0.0.1 www.032439.com
      127.0.0.1 032439.com
      127.0.0.1 www.0scan.com
      127.0.0.1 0scan.com
      127.0.0.1 1000gratisproben.com
      127.0.0.1 www.1000gratisproben.com
      127.0.0.1 1001namen.com
      127.0.0.1 www.1001namen.com
      127.0.0.1 100888290cs.com
      127.0.0.1 www.100888290cs.com
      127.0.0.1 www.100sexlinks.com
      [...]
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3255GSX ATA Device +++++
      --- User ---
      [MBR] 65c4b937a463004e9f20900d505ca31d
      [bSP] c89859bf5fea8b50d97d3a12fca46979 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292665 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 599379968 | Size: 12576 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[0]_S_02182014_100204.txt >>
  21. Hello, I believe my computer is infected with some kind of malware. It was infected a couple weeks ago, do not remember with what, and malwarebytes and ESET online appeared to take care of it. Now it seems slow and takes a minute or two to connect to the internet on startup--prior to the scans it connected instantly. Thanks, Fujymo DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2 Run by Dean at 9:26:46 on 2014-02-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1938 [GMT -5:00] . AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe C:\Program Files (x86)\SMINST\BLService.exe 
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\DRIVERS\xaudio64.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\ehome\ehmsas.exe C:\Windows\SysWOW64\C2MP\UpdateChecker.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\Hp\QuickPlay\QPService.exe C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe C:\Windows\SysWOW64\schtasks.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe C:\Program Files (x86)\Norton Security 
Suite\Engine\21.1.0.18\N360.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE C:\Users\Dean\AppData\Local\Logos4\System\LogosCom.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uProxyServer = 127.0.0.1:7212 uProxyOverride = <local>;*.local;192.168.*.* mWinlogon: Userinit = userinit.exe, BHO: {0A87E45F-537A-40B4-B812-E2544C21A09F} - <orphaned> BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll EB: Canon Easy-WebPrint 
EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [Google Update] "C:\Users\Dean\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" dRun: [QNB2EB90WX] C:\Windows\TEMP\Nv0.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: 
ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Convert link target to Adobe PDF - <no file> IE: Convert link target to existing PDF - <no file> IE: Convert selected links to Adobe PDF - <no file> IE: Convert selected links to existing PDF - <no file> IE: Convert selection to Adobe PDF - <no file> IE: Convert selection to existing PDF - <no file> IE: Convert to Adobe PDF - <no file> IE: Convert to existing PDF - <no file> IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1 TCP: Interfaces\{E40715EC-36A3-42AD-8919-164D2B295ED7} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 TCP: Interfaces\{E40715EC-36A3-42AD-8919-164D2B295ED7}\14355535 : DHCPNameServer = 192.168.1.1 184.63.160.69 TCP: Interfaces\{E40715EC-36A3-42AD-8919-164D2B295ED7}\14356434 : DHCPNameServer = 10.5.0.2 TCP: Interfaces\{E40715EC-36A3-42AD-8919-164D2B295ED7}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.1.0.2 TCP: Interfaces\{E40715EC-36A3-42AD-8919-164D2B295ED7}\25A44477962756C6563737 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{E40715EC-36A3-42AD-8919-164D2B295ED7}\2637577657563747 : DHCPNameServer = 10.64.4.7 10.0.4.7 TCP: Interfaces\{E40715EC-36A3-42AD-8919-164D2B295ED7}\6596C6C61676560284F6573756 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 SSODL: WebCheck - <orphaned> mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" x64-BHO: Norton Identity Protection: 
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\uqt5zcqf.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: network.proxy.socks - 127.0.0.1 FF - prefs.js: network.proxy.socks_port - 9050 FF - prefs.js: network.proxy.type - 0 FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: 
C:\Users\Dean\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll FF - ExtSQL: !HIDDEN! 2010-01-06 12:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-22 55280] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-29 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-29 1147480] R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-2-7 1526488] R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-29 162392] R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140217.001\IDSviA64.sys [2014-2-17 521944] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-29 264280] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-29 590936] R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624] R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [2013-11-29 264360] R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 
365952] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-11-5 1153368] R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2007-10-31 293376] R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-20 227896] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-3 137648] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-6 216064] R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632] S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-16 111616] S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216] S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624] S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files 
(x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] . =============== File Associations =============== . ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\MICROS~2\Office10\FRONTPG.EXE . =============== Created Last 30 ================ . 2014-02-16 12:35:49 548864 ----a-w- C:\Windows\System32\vbscript.dll 2014-02-16 12:35:49 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-02-15 02:58:54 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe 2014-02-13 21:35:49 1882112 ----a-w- C:\Windows\System32\msxml3.dll 2014-02-13 21:34:51 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2014-02-13 21:34:51 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2014-02-13 21:34:51 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2014-02-13 21:34:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2014-02-07 18:41:38 -------- d-----w- C:\Windows\SysWow64\C2MP 2014-02-07 15:32:02 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll . ==================== Find3M ==================== . 
2014-02-11 14:50:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-11 14:50:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll 2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll 2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll 2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll 2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll 2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll 2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll 2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll 2013-12-04 02:16:51 658432 
----a-w- C:\Windows\System32\RMActivate_isv.exe 2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe 2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe 2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe 2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll 2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll 2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll 2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll 2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll 2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe 2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe 2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe 2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe 2013-11-30 01:02:30 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys 2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys 2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll . ============= FINISH: 9:27:06.88 =============== DDS (Ver_2012-11-20.01) . 
Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/6/2010 2:14:12 PM System Uptime: 2/17/2014 9:10:21 PM (12 hours ago) . Motherboard: Wistron | | 3612 Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | CPU | 2100/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 286 GiB total, 39.279 GiB free. D: is FIXED (NTFS) - 12 GiB total, 1.956 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP361: 12/11/2013 5:20:54 PM - Windows Update RP362: 12/15/2013 12:37:42 PM - Windows Update RP363: 12/18/2013 10:30:54 PM - Installed Logos Bible Software 4 RP364: 12/27/2013 4:33:28 PM - Scheduled Checkpoint RP365: 1/5/2014 5:43:31 PM - Scheduled Checkpoint RP366: 1/5/2014 10:02:06 PM - Removed Samsung Kies RP367: 1/5/2014 10:57:54 PM - Removed SUABnR RP368: 1/16/2014 6:24:44 PM - Windows Update RP369: 1/25/2014 2:08:50 PM - Scheduled Checkpoint RP370: 2/1/2014 8:15:51 PM - Scheduled Checkpoint RP371: 2/7/2014 10:17:57 AM - Removed Java 7 Update 45 RP372: 2/7/2014 10:31:11 AM - Installed Java 7 Update 51 RP373: 2/16/2014 7:30:52 AM - Windows Update RP374: 2/16/2014 8:31:23 AM - Windows Update . ==== Installed Programs ====================== . 
64 Bit HP CIO Components Installer ACDSee Acrobat.com Adobe AIR Adobe Community Help Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Photoshop CS5 Adobe Photoshop Elements 6.0 Adobe Reader XI (11.0.06) Amazon Kindle AnswerWorks 5.0 English Runtime Any Video Converter 3.5.8 Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour CamStudio Canon Easy-WebPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon IJ Scan Utility Canon MG6300 series MP Drivers Canon MG6300 series On-screen Manual Canon MG6300 series User Registration Canon My Image Garden Canon My Image Garden Design Files Canon My Printer Canon Quick Menu CCleaner CDCheck CinemaNow Media Manager Cisco Connect Comcast Access Compatibility Pack for the 2007 Office system CyberLink DVD Suite CyberLink YouCam DirectX 9 Runtime DivX Converter DivX Player DivX Plus DirectShow Filters DivX Setup DivX Version Checker DivX Web Player DVDFab 8.0.7.3 (29/01/2011) eMule MorphXT 12.6 ESET Online Scanner v3 ESU for Microsoft Vista Google Chrome Google Earth Google Update Helper HDAUDIO Soft Data Fax Modem with SmartCP HP Doc Viewer HP DVD Play 3.7 HP Quick Launch Buttons Intel® Graphics Media Accelerator Driver iTunes Java 7 Update 51 Java Auto Updater Juno Preloader K-Lite Codec Pack 4.0.0 (Full) LightScribe System Software Logos 4 Prerequisites Logos Bible Software 4 Malwarebytes Anti-Malware version 1.75.0.1300 MariusSoft Disk Scrubber Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 4 Client Profile Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office XP Professional with FrontPage Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 
9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 MotoHelper 2.0.45 Driver 5.0.0 MotoHelper MergeModules Motorola Mobile Drivers Installation 5.0.0 Mozilla Firefox 27.0.1 (x86 en-US) Mozilla Maintenance Service MP4 Player MSVCRT Redists MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal NetWaiting Norton Security Suite NTFS Undelete v0.94 Octoshape add-in for Adobe Flash Player PDF Settings CS5 PDF Split And Merge Basic Player Power2Go PowerDirector QLBCASL Quicken 2010 QuickTime REA's TESTware for CLEP Western Civilization II Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek USB 2.0 Card Reader Roxio Activation Module Roxio Burn Roxio Burn Manager Roxio Burn Manager CDB Roxio CinePlayer Roxio CinePlayer Decoder Pack Roxio Creator 2009 Special Edition Roxio Creator 2010 Content Roxio Creator 2010 Special Edition Roxio PhotoShow Roxio Venue Roxio Video Capture USB Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2) Sid Meier's Civilization 4 Sigil 0.6.0 SmartSound Quicktracks Plugin Spybot - Search & Destroy Synaptics Pointing Device Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) VC80CRTRedist - 8.0.50727.6195 VD64Inst VDownloader 1.0 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual C++ 8.0 Runtime Setup Package (x64) VLC media player 2.1.3 Windows 7 Codec Pack 4.0.8 WinRAR archiver Xvid 1.2.2 final 
uninstall . ==== Event Viewer Messages From Past Week ======== . 2/17/2014 9:17:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. 2/16/2014 8:36:37 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 2/16/2014 8:35:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect. 2/16/2014 7:56:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2919469). 2/16/2014 7:56:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2898857). 2/16/2014 11:52:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. 2/16/2014 11:21:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. . ==== End Of File ===========================
  22. Hello, The computer has had several things on it that Malwarebytes has been able to catch. A couple of weeks ago everything was hidden on the computer, and now nothing can be updated and I cannot install antivirus protection software. Thanks for your help. attach.txt dds.txt
  23. Hello, Thanks in advance. This is my daughter's computer and she informed me all the computer data was gone. Upon looking the computer over, everything was hidden. After many attempts I managed to get Malwarebytes installed and scanned the computer. Popups were almost non-stop and any new icons such as Malwarebytes were being deleted and hidden as fast as I could get them installed. I managed to get them manageable; however, now nothing will update and I cannot install any new virus protection software. Every time the computer is scanned in safe mode something new comes up. Thanks Again, DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21 Run by mom at 21:02:52 on 2012-03-05 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1151.405 [GMT -5:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\Power Management\CePMTray.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\EzButton\EzButton.EXE C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Common 
Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\SFT\GuardedID\gidd.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe C:\Documents and Settings\All Users\Documents\Norton\{3A7FA539-8005-4603-87D2-SOS1-NSS-v5}\Norton_Download_Manager.exe C:\Program Files\Constant Guard Protection Suite\IDVault.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\svchost.exe -k imgsvc c:\Toshiba\Ivp\Swupdate\swupdtmr.exe C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe C:\WINDOWS\system32\wuauclt.exe c:\progra~1\common~1\instal~1\update~1\isuspm.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\xfin_portal\CIDGlobalLight.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\system32\wuauclt.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02192012 uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com uURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File TB: {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - No File uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [sonic RecordNow!] 
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide uRun: [Norton Download Manager{3A7FA539-8005-4603-87D2-SOS1-NSS-v5}] c:\documents and settings\all users\documents\norton\{3a7fa539-8005-4603-87d2-sos1-nss-v5}\Norton_Download_Manager.exe /m mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe mRun: [CeEPOWER] c:\program files\toshiba\power management\CePMTray.exe mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [EzButton] c:\program files\ezbutton\EzButton.EXE mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [CFSServ.exe] CFSServ.exe -NoClient mRun: [Notebook Maximizer] c:\program files\notebook maximizer\maximizer_startup.exe mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" dRun: [dplaysvr] 
%APPDATA%\dplaysvr.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe mPolicies-system: NoDispSettingsPage = 0 (0x0) IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML IE: &Search - ?p=ZJfox000 IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: { - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup162.cab TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 TCP: Interfaces\{53BDD093-E69D-4519-A965-0327408B864E} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{53BDD093-E69D-4519-A965-0327408B864E} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 Notify: GIDLogonXP - GIDLogonXP.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v Hosts: 94.63.147.16 www.google.com Hosts: 94.63.147.17 www.bing.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\mom\application data\mozilla\firefox\profiles\zqm59rzq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&q= FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 62545 FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\mom\application data\mozilla\firefox\profiles\zqm59rzq.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}\components\dtTransparency.dll FF - component: c:\documents and settings\mom\application data\mozilla\firefox\profiles\zqm59rzq.default\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\FFExternalAlert.dll FF - component: c:\documents and settings\mom\application data\mozilla\firefox\profiles\zqm59rzq.default\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}\components\RadioWMPCore.dll FF - plugin: c:\documents and settings\mom\application data\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\mom\application data\mozilla\firefox\profiles\zqm59rzq.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll FF - plugin: c:\documents and settings\mom\application data\mozilla\firefox\profiles\zqm59rzq.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll FF - plugin: c:\program files\mozilla firefox\plugins\NpIpx32.dll FF - plugin: c:\program files\mozilla 
firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com FF - Ext: Coupon Manager: {0C7E3F01-99E9-4095-9BDC-F84724960B57} - %profile%\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: PHPNukeEN Toolbar: 
{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - %profile%\extensions\{dd02a4eb-4afd-4d60-99d8-e67f964ca813} FF - Ext: XFINITYToolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - %profile%\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff . ============= SERVICES / DRIVERS =============== . R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-2-19 25232] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2008-12-20 33824] R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408] R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-2-15 65096] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-17 652360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-17 20464] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;d:\kelsey\elements 9 organizer\photoshopelementsfileagent.exe --> d:\kelsey\elements 9 organizer\PhotoshopElementsFileAgent.exe [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\sydexfdd.sys --> c:\windows\system32\drivers\sydexfdd.sys [?] . =============== Created Last 30 ================ . 
2012-03-02 00:34:12 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-29 01:39:36 -------- d-----w- C:\spoolerlogs
2012-02-20 04:05:07 -------- d-----w- c:\documents and settings\mom\application data\comcasttb
2012-02-20 03:17:43 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-02-20 02:45:07 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2012-02-20 02:45:03 -------- d-----w- c:\documents and settings\mom\local settings\application data\ID Vault
2012-02-20 02:44:02 -------- d-----w- c:\documents and settings\mom\application data\ID Vault
2012-02-20 02:43:14 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2012-02-20 02:43:08 -------- d-----w- c:\documents and settings\all users\GID
2012-02-20 02:43:03 -------- d-----w- c:\program files\SFT
2012-02-20 02:42:44 -------- d-----w- c:\documents and settings\mom\application data\CallingID
2012-02-20 02:42:30 -------- d-----w- c:\program files\comcasttb
2012-02-20 02:42:17 -------- d-----w- c:\program files\CA
2012-02-20 02:41:33 -------- d-----w- c:\documents and settings\mom\application data\xfin_portal
2012-02-20 02:41:28 -------- d-----w- c:\program files\xfin_portal
2012-02-20 02:41:15 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-02-20 02:40:45 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2012-02-18 17:00:01 -------- d-----w- c:\documents and settings\mom\application data\PriceGong
2012-02-18 14:52:21 -------- d-----w- C:\7052d45f17328a2256
2012-02-18 04:29:04 -------- d-----w- c:\documents and settings\mom\application data\Malwarebytes
2012-02-18 04:28:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-18 04:28:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 04:28:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 03:57:52 -------- d-----w- c:\documents and settings\mom\application data\6C408
2012-02-17 05:17:01 -------- d-----w- C:\6C408
2012-02-17 05:16:11 -------- d-----w- c:\program files\0871F
2012-02-17 05:15:28 -------- d-----w- c:\program files\LP
2012-02-13 15:24:21 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-13 15:24:19 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-13 15:22:04 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2012-02-21 03:47:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8889549F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8889c738]; MOV EAX, [0x8889c8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x88B85AB8]
3 CLASSPNP[0xBA108FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000007c[0x88B43980]
5 ACPI[0xBA05F620] -> nt!IofCallDriver[0x804E13B9] -> [0x88B2DD98]
\Driver\atapi[0x8888B1F8] -> IRP_MJ_CREATE -> 0x8889549F
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [SI], CH; JL 0x2d; JNZ 0x3b; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x888952C6
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 21:06:10.56 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 04/05/2005 9:12:51 PM System Uptime: 03/05/2012 8:51:43 PM (1 hours ago) . Motherboard: TOSHIBA | | EDW10 Processor: Mobile Intel® Pentium® 4 CPU 3.20GHz | NWD | 3200/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 75 GiB total, 1.513 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1511: 02/13/2012 12:42:45 PM - System Checkpoint RP1512: 02/13/2012 5:36:39 PM - Software Distribution Service 3.0 RP1513: 02/14/2012 7:36:25 AM - Software Distribution Service 3.0 RP1514: 02/15/2012 10:52:30 AM - System Checkpoint RP1515: 02/17/2012 1:52:30 AM - System Checkpoint . ==== Installed Programs ====================== . Abacast Client Acrobat.com Ad-Aware SE Personal Adobe AIR Adobe Community Help Adobe Flash Player 11 Plugin Adobe Flash Player ActiveX Adobe Photoshop Elements 9 Adobe Photoshop.com Inspiration Browser Adobe Premiere Elements 9 Adobe Reader 8.1.4 Adobe Shockwave Player Algebra 1 Teaching Textbook ALPS Touch Pad Driver Apple Mobile Device Support Apple Software Update ArcSoft Software Suite Ashampoo WinOptimizer 4.30 Atheros Client Utility Atheros Wireless LAN MiniPCI card Driver ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver Audio/Video Conference 4.2+ AutoUpdate AVS Update Manager 1.0 AVS Video Converter 7 AVS Video Editor 4 AVS Video Recorder 2.4 AVS YouTube Uploader version 2.1 AVS4YOU Software Navigator 1.4 Barbie of Swan Lake Bonjour CA Pest Patrol Realtime Protection CD/DVD Drive Acoustic Silencer Chemistry 3.5 Composition 2.1 Constant Guard Protection Suite Critical Update for Windows Media Player 11 (KB959772) Debut Video Capture Software Direct Show Ogg Vorbis Filter (remove 
only) DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player DVD-MovieAlbumSE 3 for DVDCAM DVD-RAM Driver DVD Architect Pro 5.0 Easy Button Edu-Track Home School Elements 9 Organizer Elements STI Installer Facebook Plug-In Geometry 3.1 getPlus® GuardedID High Achiever Grammar High Achiever Spelling Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) InstaVerse InterActual Player InterVideo WinDVD for TOSHIBA iPod for Windows 2006-01-10 iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Japanese Fonts Support For Adobe Reader 8 Java 2 Runtime Environment, SE v1.4.2_05 Java Auto Updater Java 6 Update 2 Java 6 Update 21 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java SE Runtime Environment 6 Update 1 JumpStart Pre-K v1.2 Learn2 Player (Uninstall Only) Macromedia Flash Player 8 Malwarebytes Anti-Malware version 1.60.1.1000 Math 6 Teaching Textbook Math 7 Teaching Textbook Mathematics 2 2.0 Mathematics 3 2.0 McAfee Security Scan Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft 
Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional with FrontPage Microsoft Picture It! Photo 2002 Microsoft Silverlight Microsoft Text-to-Speech Engine 4.0 (English) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox (3.5.8) MSN Music Assistant MSVCRT Redists MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser msxml4SP2 Music Coach Player Notebook Maximizer PHPNukeEN Toolbar Pinnacle Instant DVD Recorder Pinnacle USB device drivers 2 QuickTime QuickTime for Windows (32-bit) RealPlayer Realtek AC'97 Audio Realtek Fast Ethernet Adapter Driver Roxio Burn Engine Safari Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 
(KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security 
Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) 
Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for 
Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SmartSound Quicktracks for Premiere Elements 9.0 SMSC IrCC V5.1.3600.3 SP1 Snapshot Viewer 9.0 Sonic DLA Sonic RecordNow! Spelling Dictionaries Support For Adobe Reader 9 SpellQuizzer 1.0.1 Spybot - Search & Destroy Spybot - Search & Destroy 1.4 SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2 Study Skills 2.0 TBS WMP Plug-in Timez Attack Free TOSHIBA Access TOSHIBA ConfigFree TOSHIBA Console TOSHIBA Fax Extension TOSHIBA Hotkey Utility TOSHIBA PC Diagnostic Tool TOSHIBA Power Management Utility Toshiba Registration TOSHIBA Software Modem TOSHIBA Software Upgrades TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) 
Version1.0 Toshiba Tbiosdrv Driver Touch and Launch TouchPad On/Off Utility Uninstall Dual Mode Camera Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) US History 1.0 Vegas Pro 9.0 VideoLive Mail WebFldrs XP Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 XFINITY Toolbar . ==== Event Viewer Messages From Past Week ======== . 03/05/2012 8:53:01 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0. 03/04/2012 9:36:08 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible. 03/01/2012 8:03:29 PM, error: PlugPlayManager [11] - The device Root\LEGACY_TMCOMM\0000 disappeared from the system without first being prepared for removal. 02/29/2012 9:39:51 PM, error: SRService [104] - The System Restore initialization process failed. 
02/29/2012 9:37:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 02/29/2012 8:54:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 02/29/2012 5:26:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT oreans32 RasAcd Rdbss SrvcEKIOMngr SrvcEPECioctl SrvcEPIOMngr SrvcSSIOMngr SrvcTPIOMngr Tcpip 02/29/2012 5:26:02 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied. 02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning. 02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 02/29/2012 4:51:02 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s). 02/29/2012 4:47:30 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 02/29/2012 4:46:54 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073). 02/29/2012 4:46:54 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864). 02/29/2012 4:45:38 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 02/28/2012 6:54:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. 02/27/2012 9:52:41 AM, error: Service Control Manager [7022] - The CGPS Service service hung on starting. . ==== End Of File ===========================
for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update 
for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) 
Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) SmartSound Quicktracks for Premiere Elements 9.0 SMSC IrCC V5.1.3600.3 SP1 Snapshot Viewer 9.0 Sonic DLA Sonic RecordNow! Spelling Dictionaries Support For Adobe Reader 9 SpellQuizzer 1.0.1 Spybot - Search & Destroy Spybot - Search & Destroy 1.4 SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2 Study Skills 2.0 TBS WMP Plug-in Timez Attack Free TOSHIBA Access TOSHIBA ConfigFree TOSHIBA Console TOSHIBA Fax Extension TOSHIBA Hotkey Utility TOSHIBA PC Diagnostic Tool TOSHIBA Power Management Utility Toshiba Registration TOSHIBA Software Modem TOSHIBA Software Upgrades TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) 
Version1.0 Toshiba Tbiosdrv Driver Touch and Launch TouchPad On/Off Utility Uninstall Dual Mode Camera Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) US History 1.0 Vegas Pro 9.0 VideoLive Mail WebFldrs XP Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 XFINITY Toolbar
.
==== Event Viewer Messages From Past Week ========
.
03/05/2012 8:53:01 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
03/04/2012 9:36:08 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
03/01/2012 8:03:29 PM, error: PlugPlayManager [11] - The device Root\LEGACY_TMCOMM\0000 disappeared from the system without first being prepared for removal.
02/29/2012 9:39:51 PM, error: SRService [104] - The System Restore initialization process failed.
02/29/2012 9:37:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/29/2012 8:54:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
02/29/2012 5:26:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT oreans32 RasAcd Rdbss SrvcEKIOMngr SrvcEPECioctl SrvcEPIOMngr SrvcSSIOMngr SrvcTPIOMngr Tcpip
02/29/2012 5:26:02 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/29/2012 5:26:02 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/29/2012 4:51:02 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
02/29/2012 4:47:30 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/29/2012 4:46:54 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073).
02/29/2012 4:46:54 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864).
02/29/2012 4:45:38 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/28/2012 6:54:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
02/27/2012 9:52:41 AM, error: Service Control Manager [7022] - The CGPS Service service hung on starting.
.
==== End Of File ===========================