needhelp1

Hi All, Since installing the September Windows updates, my IE 11 has been crashing when opening. Have any of you experienced this as well? Any suggestions to resolve it? Thanks!

The computer seems to be running fine. Thanks for checking the logs!

Log Name: Application Source: Microsoft-Windows-Wininit Date: 12/31/2015 2:17:58 AM Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: SD70 Description: Checking file system on D: The type of the file system is NTFS. Volume label is DATA. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 1898496 file records processed. File verification completed. 26 large file records processed. 0 bad file records processed. 0 EA records processed. 0 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 1900368 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 1898496 file SDs/SIDs processed. Cleaning up 126 unused index entries from index $SII of file 0x9. Cleaning up 126 unused index entries from index $SDH of file 0x9. Cleaning up 126 unused security descriptors. Security descriptor verification completed. 937 data files processed. CHKDSK is verifying Usn Journal... 37649192 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 1898480 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 56656382 free clusters processed. Free space verification is complete. Windows has checked the file system and found no problems. 1157235711 KB total disk space. 927811056 KB in 1897332 files. 762184 KB in 938 indexes. 0 KB in bad sectors. 2036939 KB in use by the system. 65536 KB occupied by the log file. 226625532 KB available on disk. 4096 bytes in each allocation unit. 289308927 total allocation units on disk. 56656383 allocation units available on disk. Internal Info: 00 f8 1c 00 2a f7 1c 00 cb cc 39 00 00 00 00 00 ....*.....9..... 8c 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2015-12-31T08:17:58.000000000Z" /> <EventRecordID>103939</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>SD70</Computer> <Security /> </System> <EventData> <Data> Checking file system on D: The type of the file system is NTFS. Volume label is DATA. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 1898496 file records processed. File verification completed. 26 large file records processed. 0 bad file records processed. 0 EA records processed. 0 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 1900368 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 1898496 file SDs/SIDs processed. Cleaning up 126 unused index entries from index $SII of file 0x9. Cleaning up 126 unused index entries from index $SDH of file 0x9. Cleaning up 126 unused security descriptors. Security descriptor verification completed. 937 data files processed. CHKDSK is verifying Usn Journal... 37649192 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 1898480 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 56656382 free clusters processed. Free space verification is complete. Windows has checked the file system and found no problems. 1157235711 KB total disk space. 927811056 KB in 1897332 files. 762184 KB in 938 indexes. 0 KB in bad sectors. 2036939 KB in use by the system. 65536 KB occupied by the log file. 226625532 KB available on disk. 4096 bytes in each allocation unit. 289308927 total allocation units on disk. 56656383 allocation units available on disk. Internal Info: 00 f8 1c 00 2a f7 1c 00 cb cc 39 00 00 00 00 00 ....*.....9..... 8c 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ </Data> </EventData> </Event> Addition1231.txt FRST1231.txt

Hi Advanced - I typed in the command to check D drive and the below message displayed. How would you like to proceed? Chkdsk cannot run because the volume is in use by another process. Chkdsk may run if this volume is dismounted first. ALL OPENED HANDLES TO THIS VOLUME WOULD THEN BY INVALID. Would you like to force a dismount on this volume? (Y/N)

Hi AdvancedSetup - here's the log for drive C, I will work on D later today. Log Name: Application Source: Microsoft-Windows-Wininit Date: 12/29/2015 2:43:40 AM Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: SD70 Description: Checking file system on C: The type of the file system is NTFS. Volume label is WIN7. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 402176 file records processed. File verification completed. 1788 large file records processed. 0 bad file records processed. 0 EA records processed. 59 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 490264 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 402176 file SDs/SIDs processed. Cleaning up 3090 unused index entries from index $SII of file 0x9. Cleaning up 3090 unused index entries from index $SDH of file 0x9. Cleaning up 3090 unused security descriptors. Security descriptor verification completed. 44045 data files processed. CHKDSK is verifying Usn Journal... 34840472 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 402160 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 155056028 free clusters processed. Free space verification is complete. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 781404159 KB total disk space. 160435748 KB in 346629 files. 215124 KB in 44046 indexes. 0 KB in bad sectors. 529171 KB in use by the system. 65536 KB occupied by the log file. 620224116 KB available on disk. 4096 bytes in each allocation unit. 195351039 total allocation units on disk. 155056029 allocation units available on disk. Internal Info: 00 23 06 00 1d f6 05 00 f1 d5 0a 00 00 00 00 00 .#.............. d2 05 00 00 3b 00 00 00 00 00 00 00 00 00 00 00 ....;........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2015-12-29T08:43:40.000000000Z" /> <EventRecordID>103770</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>SD70</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: The type of the file system is NTFS. Volume label is WIN7. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 402176 file records processed. File verification completed. 1788 large file records processed. 0 bad file records processed. 0 EA records processed. 59 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 490264 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 402176 file SDs/SIDs processed. Cleaning up 3090 unused index entries from index $SII of file 0x9. Cleaning up 3090 unused index entries from index $SDH of file 0x9. Cleaning up 3090 unused security descriptors. Security descriptor verification completed. 44045 data files processed. CHKDSK is verifying Usn Journal... 34840472 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 402160 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 155056028 free clusters processed. Free space verification is complete. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 781404159 KB total disk space. 160435748 KB in 346629 files. 215124 KB in 44046 indexes. 0 KB in bad sectors. 529171 KB in use by the system. 65536 KB occupied by the log file. 620224116 KB available on disk. 4096 bytes in each allocation unit. 195351039 total allocation units on disk. 155056029 allocation units available on disk. Internal Info: 00 23 06 00 1d f6 05 00 f1 d5 0a 00 00 00 00 00 .#.............. d2 05 00 00 3b 00 00 00 00 00 00 00 00 00 00 00 ....;........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. </Data> </EventData> </Event>

Hi Daledoc, FRST and Addition attached. I have a C and a D drive, should I run a Check Disk on both? FRST.txt Addition.txt

Hi, Following up on a malware check, I was advised by DaleDoc that I might have a failing hard drive according to the messages below and to post to this forum. I'm new to checking a hard drive for errors so DaleDoc advised that I run a check disk first, should I go ahead and do that? System errors: ============= Error: (12/26/2015 01:57:21 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume WIN7. Error: (12/26/2015 01:57:19 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume WIN7. Error: (12/26/2015 01:57:17 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume WIN7. Error: (12/26/2015 01:51:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (12/26/2015 01:51:13 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:29:21 PM on ‎12/‎26/‎2015 was unexpected. <------our residence lost power unexpectedly Error: (12/26/2015 11:53:31 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR7. Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR7. Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR7. Error: (12/26/2015 11:53:29 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR7. Error: (12/26/2015 11:24:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20.

Thanks for checking. No other issues at this time. I appreciate it.

RogueKiller V11.0.4.0 [Dec 20 2015] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/software/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : PWS [Administrator] Started from : C:\Users\X\Desktop\RogueKiller.exe Mode : Scan -- Date : 12/26/2015 15:04:30 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 8 ¤¤¤ [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 1 ¤¤¤ [PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found ¤¤¤ Hosts File : 2 ¤¤¤ [C:\Windows\System32\drivers\etc\Hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\Hosts] ::1 localhost ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD20EARX-22PASB0 ATA Device +++++ --- User --- [MBR] d2716205458f24aa9a1397ad20eaac4f [bSP] b7f1af624ca415852c3eb9ae77b37bea : HP MBR Code Partition table: 0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29747200 | Size: 763090 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1592555520 | Size: 1130113 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive5: HP Officejet Pro 68 USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. )

I did use RogueKiller right afterwards and I remember that it did produce a log. But it doesn't seem to have saved it as a .log format, but rather a .json format that I can't open. Would you like me to run it again?

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015 Ran by X (2015-12-26 13:56:12) Running from C:\Users\X\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2011-12-18 18:24:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-809943335-2564626158-2276789416-500 - Administrator - Disabled) Guest (S-1-5-21-809943335-2564626158-2276789416-501 - Limited - Disabled) X (S-1-5-21-809943335-2564626158-2276789416-1001 - Limited - Enabled) => C:\Users\X X (S-1-5-21-809943335-2564626158-2276789416-1000 - Administrator - Enabled) => C:\Users\X ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.12 - ASUSTeK) Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.10 - ASUSTeK Computer Inc.) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.628 - ASUSTEK) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canadian Pacfic Mactier Subdivision Route (Version 1.5) (HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Canadian Pacfic Mactier Subdivision Route (Version 1.5)) (Version: - ) Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC) Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.) Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) EMET (HKLM-x32\...\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}) (Version: 3.0.0 - Microsoft) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.) HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard) HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard) HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LightScribe System Software 1.10.13.1 (x32 Version: 1.10.13.1 - hxxp://www.lightscribe.com) Hidden Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) MLT Greater Toronto Area (HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\MLT Greater Toronto Area) (Version: - ) MSTS Patch 1.8.0521 EN (HKLM-x32\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Nero 7 Essentials (HKLM-x32\...\{8E72B982-D54F-486F-B35A-C24B6F171033}) (Version: 7.03.0581 - Nero AG) Norton Security Suite (HKLM-x32\...\N360) (Version: 20.6.0.27 - Symantec Corporation) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) RailDriver for MSTS (HKLM-x32\...\{32C47C66-6393-413B-92D6-295E8A1D65DC}) (Version: - ) RealDownloader (x32 Version: 17.0.10 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Roxio Easy Video Copy and Convert 5 (HKLM-x32\...\{DC7FB4DA-8260-472E-8A31-88712EE14BBE}) (Version: 5.0 - Roxio) Run8 Amtrak01 (HKLM-x32\...\Run8 Amtrak01051813) (Version: 051813 - Run8 Studios, Ltd.) Run8 Autoracks01 AddOn (HKLM-x32\...\Run8 Autoracks01 AddOn030613) (Version: 030613 - Run8 Studios, Ltd.) Run8 Default Amtrak01 (HKLM-x32\...\Run8 Default Amtrak01051813) (Version: 051813 - Run8 Studios, Ltd.) Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.) Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC) Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.0.29.0 - Seagate) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TC (HKLM-x32\...\{9D244037-7E69-4D6E-9729-0797D9294831}) (Version: 1.00.000 - ) Track Builder 3 (HKLM-x32\...\{0D4999B8-3990-4026-A744-D842CE8C886A}) (Version: 3.1 - Signal Computer Consultants) Train Dispatcher 3 (HKLM-x32\...\{1306CFD5-28AE-486C-A298-90B50DA5DC5E}) (Version: 3.1 - Signal Computer Consultants) Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version: - Dovetail Games) Transfer Utility (HKLM-x32\...\{0ECE15AC-CB68-40EC-B70D-1B220717844C}) (Version: 1.00.012 - PIXELA) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios) WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy) WOT for Internet Explorer (HKLM-x32\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03FC218F-F244-4545-B117-D43BC067958B} - System32\Tasks\ReclaimerUpdateXML_PWS => C:\Users\PWS\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-03] (RealNetworks, Inc.) Task: {07B5E37D-0B6B-4291-BCD8-E067A249E0EE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.) Task: {1820F88E-99AF-4100-8DB6-AA00EB31D85A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-05-13] (RealNetworks, Inc.) Task: {1887E18E-3FB5-4966-9D45-39DAED019A25} - System32\Tasks\PWS1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {1C1AD8BB-BF73-4125-849F-55692B6A6DE0} - System32\Tasks\hpwebreg_xxxxxxxxxx => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.) Task: {1E54F33F-1F80-450C-9DD0-1DD9ED82A53A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.) Task: {231AAAC3-168C-47C1-81E1-F16FD6AE206B} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.) Task: {3D08450B-CCE5-4DBD-963F-9F4112B93EEB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {42329046-086D-49C1-BDD6-2CD354BCE6AF} - System32\Tasks\PLF1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {4324954A-1F61-45ED-B3F8-BF8A02671DA4} - System32\Tasks\PWS DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-05-04] (Seagate Technology LLC) Task: {4B02A1CC-5EB8-4315-904A-E2BEB042DE99} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\WSCStub.exe [2015-07-27] (Symantec Corporation) Task: {55D7FC5C-AC94-4A21-A844-C969947923D5} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {58D54F20-1CD7-455C-B9F5-2886FBF9D0DE} - System32\Tasks\PLF3 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {61D0EC1D-A8BD-4C70-A137-D8AE4B272458} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.) Task: {69AE8860-491D-4FC9-A8DC-76FC283030CC} - System32\Tasks\hpwebreg_CN18IDM234 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.) Task: {6A72AD64-D40B-47E3-940B-34F59D9DB8B9} - System32\Tasks\PLF DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-05-04] (Seagate Technology LLC) Task: {6D93339B-8E47-46BB-B779-62A5A46E4C79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {6DCE1B62-C59F-410A-9FD1-E4242DBD7C7B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.) Task: {756F9A53-6CC4-49E1-8F30-0F56F2D1A9BA} - System32\Tasks\PWS Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {79C40808-E0C0-4378-B45A-374B4FE8DA28} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.) Task: {7D8BD40A-D7D1-4656-B6E7-C70B43477A2A} - System32\Tasks\PWS3 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {7E2888DD-0BF8-4AA1-AB3F-1D950ED1EC30} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation) Task: {828FDCEE-64F9-424F-8282-B2AD0AAC79F5} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.) Task: {8A9D0612-3D7B-47FA-9CDF-F06E76899CCE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.) Task: {946A93B8-24F7-46B2-9D6E-26E9ABFC6CD0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.) Task: {970D8C20-34F1-45BD-83EB-7D8FA282B9C0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.) Task: {99037230-0697-473B-A026-4CCFC694084F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.) Task: {A407DF8B-5563-4844-BAC4-5169997839DE} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-07-27] (Symantec Corporation) Task: {A5806F40-5784-4D9B-BD44-E97324DD3400} - System32\Tasks\{8AB9B27D-32B0-4B41-84C6-4758B0E325BE} => pcalua.exe -a "K:\New Folder\SETUPEX.EXE" -d "K:\New Folder" Task: {ACC3A3EB-A07E-4E12-8259-0DFD0EEA2E63} - System32\Tasks\hpUtility.exe_{EADA3CBF-9B49-46E9-AB5A-0D481E360275} => C:\Program Files\HP\HP Officejet 4630 series\Bin\utils\hpUtility.exe Task: {B9570047-7A3F-44F7-A37E-97D6221FB8B6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.) Task: {BB1898EB-B3A0-4BC7-8DFF-69383EA7A34E} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2012-05-04] (Seagate Technology LLC) Task: {BFB52EC2-86CB-4DA9-B87B-8F6A457D1219} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-05-13] (RealNetworks, Inc.) Task: {C1311A5A-FC53-4DB0-9E64-BDFFE4D7EF44} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.) Task: {C4104C0F-C501-4D21-BB76-1813CDBE40CF} - System32\Tasks\PLF2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {CB98D9A0-799F-4149-9C15-CCDA8E7BCB10} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.) Task: {D47F181C-1C51-4E7B-AD48-0D248ABFC79C} - System32\Tasks\hpUtility.exe_{3CE71C11-F78D-4C70-9366-489050E797C0} => C:\Program Files\HP\HP Officejet Pro 6830\Bin\utils\hpUtility.exe [2014-07-18] (Hewlett-Packard Development Company, LP) Task: {DB0BB800-6FBE-4C1C-A158-57DF1F4E214F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.) Task: {DD4AD375-9AFA-4B20-9D8B-496CD8D9076B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {E35260E9-7E2F-4939-B384-184531C7A1DA} - System32\Tasks\PWS => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {E3CF4776-0E2E-4F1D-91DF-76B3A2656592} - System32\Tasks\PWS2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {E6C75919-20B3-4A93-AFDB-4F0E9CC087B1} - System32\Tasks\{F2F1AAB0-9618-47A7-9DC2-43BD9E03A5D4} => pcalua.exe -a C:\Users\PWS\Desktop\MLTGTAV1setup.exe -d C:\Users\PWS\Desktop Task: {EA421F14-5D56-418D-8A88-66BFEB796AF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated) Task: {ECDC7495-9C97-4AA5-A181-33832C4AF1B7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.) Task: {ECFE364E-BEF9-4F2F-AC04-F03DC6AB970B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.) Task: {EFD105FE-D650-4640-847D-4D3B898BFE20} - System32\Tasks\PLF => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {F4CCFE1C-78D8-4670-85E1-6009DF8486DB} - System32\Tasks\PLF Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {F88B5FE5-5FBF-4F0B-989F-A64261E4AA0C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {FA0D0190-DDCD-4F85-B9AF-E28638291A11} - System32\Tasks\PLF4 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC) Task: {FAA75705-C8F9-4416-A8B9-29501D8FFA36} - System32\Tasks\ReclaimerUpdateFiles_PWS => C:\Users\PWS\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-03] (RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\hpwebreg_CN18IDM234.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exe Task: C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exe Task: C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job => C:\Users\PWS\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe Task: C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job => C:\Users\PWS\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-05-31 14:54 - 2010-11-03 03:30 - 00918144 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe 2011-05-31 14:54 - 2010-11-19 02:56 - 00915072 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe 2011-05-31 14:54 - 2010-10-21 03:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe 2014-05-13 12:10 - 2014-05-13 12:10 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-05-23 00:34 - 2014-05-23 00:34 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-05-31 14:54 - 2015-12-26 13:51 - 00020992 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll 2011-05-31 14:54 - 2010-06-28 20:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll 2014-06-07 12:20 - 2014-06-07 12:20 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-12-17 22:12 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON SECURITY SUITE\ENGINE\20.6.0.27\wincfi39.dll 2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2007-08-14 15:43 - 2007-08-14 15:43 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2015-11-22 19:16 - 2010-07-01 20:29 - 00364544 ____N () C:\Program Files (x86)\PIXELA\Transfer Utility\pxl_m17n_tool.dll 2014-06-07 12:20 - 2014-06-07 12:20 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 AlternateDataStreams: C:\Users\PWS\Desktop\launch.ica.e0ocsjp.partial:icasource AlternateDataStreams: C:\Users\PWS\Downloads\launch.ica.je0lxcn.partial:icasource ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\allstate.com -> hxxps://remotedesktop.allstate.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\1001movie.com -> 1001movie.com There are 6091 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2012-04-21 19:42 - 00000098 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-809943335-2564626158-2276789416-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PWS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{2D8EBDF0-1F43-407D-87B9-1A090AD2D3A0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{EF5D5A04-3D3B-4754-9E55-D084460CB7ED}] => (Allow) LPort=2869 FirewallRules: [{1AC75879-8FB6-4F21-A462-F5EBC72A0399}] => (Allow) LPort=1900 FirewallRules: [{5972C2C7-BC35-4EB0-AD3B-89D9A7A7CC68}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{2068568A-06F7-4238-B3AF-D11901084B8C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{88F3B2C5-4F8A-4771-9EB9-DF6B382B7CF5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe FirewallRules: [{831E691C-C3F2-4B80-9B89-5511FE9D588A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe FirewallRules: [{A01D245C-95C4-4D76-AA84-93783C3D11FE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe FirewallRules: [{3D9FA8CA-F8BD-4A68-AEC1-62F95EDE9F28}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe FirewallRules: [{268706B9-0CC7-42C1-B934-A15245A4A16F}] => (Allow) C:\Users\PWS\AppData\Local\Temp\7zS532E.tmp\SymNRT.exe FirewallRules: [{11E1891C-7A1C-4698-AC79-73547872B1AF}] => (Allow) C:\Users\PWS\AppData\Local\Temp\7zS532E.tmp\SymNRT.exe FirewallRules: [{5457A169-80A3-4D1E-96BB-506C7169A3F5}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{833309BF-CA5F-4697-8E09-483B75F2E9AE}] => (Allow) LPort=5357 FirewallRules: [{F2C2C91A-C4A1-4398-B4A1-FECEF516E347}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe FirewallRules: [{9F6B3D1F-33A0-4334-9EDA-5309FAA25741}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe FirewallRules: [{5B749F95-A6B4-4B0E-BB6D-6A564B27C8C6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe FirewallRules: [{3EADBF1B-719D-418B-A262-18B8EB55B8E6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe FirewallRules: [{501B3DE3-427B-46D4-BA43-A3684B4E86F4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{65D0ECF8-F157-4D9F-831F-7E673B409295}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{0C326791-4FE7-403C-9AD9-D62F7B34BFBA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{0656FAE8-6D97-457B-A7FF-A4D91F6280A2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{37B1A259-3AF0-4548-9F19-0F356D17AF0A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9B00130B-C497-4B3C-9826-346EC3D9FCBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe FirewallRules: [{F81289C8-99E5-4CC2-B915-19C07D27FE1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe FirewallRules: [{F154E8D4-107B-416D-BD3D-3161BDED15A5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8698725B-7607-4C51-AE76-AAF679AA5256}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4A53A8C9-59E4-4E34-B7A9-7B091E4FBA9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{17FADAEB-34F2-4BEE-A471-7421D1134885}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{660A2B82-BE38-4E34-BD46-0BE261E0DBA9}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{26BE8CC7-1BEB-40C7-A7CB-6B471AF12902}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{7C0EB3D9-30D9-403D-9BC0-0E36CADD99F5}C:\program files (x86)\run 8 studios\run 8 train simulator\run-8 train simulator.exe] => (Block) C:\program files (x86)\run 8 studios\run 8 train simulator\run-8 train simulator.exe FirewallRules: [uDP Query User{3E886BDD-D2A0-459F-AA21-6DF9C1FF4404}C:\program files (x86)\run 8 studios\run 8 train simulator\run-8 train simulator.exe] => (Block) C:\program files (x86)\run 8 studios\run 8 train simulator\run-8 train simulator.exe ==================== Restore Points ========================= 17-12-2015 13:12:53 Windows Update 24-12-2015 16:54:27 Norton Security Suite Registry ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/25/2015 09:10:28 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {832521cc-0db8-4ab4-a093-4e0c1a29c3e8} Error: (12/25/2015 08:48:25 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {832521cc-0db8-4ab4-a093-4e0c1a29c3e8} Error: (12/24/2015 04:35:08 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {31a2886a-f41d-46f1-9c66-8443fe88cd26} Error: (12/24/2015 02:41:56 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {31a2886a-f41d-46f1-9c66-8443fe88cd26} Error: (12/23/2015 04:06:13 PM) (Source: Seagate Dashboard Services) (EventID: 0) (User: ) Description: Service cannot be started. The service process could not connect to the service controller Error: (12/21/2015 07:49:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Seagate.Dashboard.Uploader.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: Microsoft.VisualBasic.ApplicationServices.CantStartSingleInstanceException Stack: at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[]) at Seagate.Dashboard.Uploader.Program.Main() Error: (12/16/2015 11:54:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: SD70) Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (12/15/2015 11:13:30 PM) (Source: MsiInstaller) (EventID: 1024) (User: SD70) Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (12/15/2015 11:05:04 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY) Description: The service process could not connect to the service controller. Error: (12/15/2015 11:02:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Seagate.Dashboard.Uploader.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: Microsoft.VisualBasic.ApplicationServices.CantStartSingleInstanceException Stack: at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[]) at Seagate.Dashboard.Uploader.Program.Main() System errors: ============= Error: (12/26/2015 01:57:21 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume WIN7. Error: (12/26/2015 01:57:19 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume WIN7. Error: (12/26/2015 01:57:17 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume WIN7. Error: (12/26/2015 01:51:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (12/26/2015 01:51:13 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:29:21 PM on ‎12/‎26/‎2015 was unexpected. Error: (12/26/2015 11:53:31 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR7. Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR7. Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR7. Error: (12/26/2015 11:53:29 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk6\DR7. Error: (12/26/2015 11:24:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. ==================== Memory info =========================== Processor: Intel® Core i5-2320 CPU @ 3.00GHz Percentage of memory in use: 19% Total physical RAM: 12199.23 MB Available physical RAM: 9816.9 MB Total Virtual: 24396.67 MB Available Virtual: 22009.6 MB ==================== Drives ================================ Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:593.11 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:1103.63 GB) (Free:218.08 GB) NTFS Drive k: (LEXAR) (Removable) (Total:0.97 GB) (Free:0.48 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: CB5BD2B2) Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B) Partition 2: (Active) - (Size=745.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1103.6 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 991.5 MB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=991 MB) - (Type=04) ==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015 Ran by X (administrator) on X (26-12-2015 13:54:50) Running from C:\Users\X\Desktop Loaded Profiles: X (Available Profiles: X & X) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe () C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (Citrix Systems, Inc.) C:\Users\PWS\AppData\Local\Citrix\ICA Client\concentr.exe (Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Citrix Systems, Inc.) C:\Users\PWS\AppData\Local\Citrix\ICA Client\wfcrun32.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.) HKLM-x32\...\Run: [ConnectionCenter] => C:\Users\PWS\AppData\Local\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.) HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-06-07] (RealNetworks, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1454184 2012-05-04] (Seagate Technology LLC) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company) HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [119440 2012-05-04] (Seagate Technology LLC) HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation) HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios) HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC) HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation) HKU\S-1-5-21-809943335-2564626158-2276789416-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\asusvibelauncher.lnk [2012-12-25] ShortcutTarget: asusvibelauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-06-07] ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk [2015-11-22] ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION) Startup: C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 6830.lnk [2015-12-26] ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 6830.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP) GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{B572E52D-654C-4037-A505-6BF565430247}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-809943335-2564626158-2276789416-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/ SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-809943335-2564626158-2276789416-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-05-13] (RealDownloader) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2011-11-03] () BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-05-13] (RealDownloader) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\IPS\IPSBHO.DLL [2012-08-10] (Symantec Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] () Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] () Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation) Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] () Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] () Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] () Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.) FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-06-07] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-05-13] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-05-13] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-05-13] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-06-07] (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\confmgr.dll [2008-08-16] () FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2008-08-16] () FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\npicaN.dll [2008-08-16] () FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.) FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2015-12-26] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2013-03-28] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{7ADCCCD0-FDEC-4A18-A329-550A87710223}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-07] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn Chrome: ======= CHR Profile: C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-26] CHR Extension: (Google Docs) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-26] CHR Extension: (Google Drive) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-26] CHR Extension: (Norton Security Toolbar) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-12-26] CHR Extension: (YouTube) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-26] CHR Extension: (Google Search) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-26] CHR Extension: (Google Sheets) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-26] CHR Extension: (Google Docs Offline) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-26] CHR Extension: (RealPlayer Downloader) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-12-26] CHR Extension: (Norton Identity Safe) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-26] CHR Extension: (Chrome Web Store Payments) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-26] CHR Extension: (Gmail) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-26] CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-05-13] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] () R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] () R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-05-13] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-07] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed] S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095824 2012-06-02] (Corel Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC) R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [14496 2012-05-04] (Seagate Technology LLC) S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] () R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] () R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20151225.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-26] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20151225.001\ENG64.SYS [138488 2015-11-24] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20151225.001\EX64.SYS [2148080 2015-11-24] (Symantec Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-24] () S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-26 13:54 - 2015-12-26 13:55 - 00032172 _____ C:\Users\PWS\Desktop\FRST.txt 2015-12-26 13:53 - 2015-12-26 11:57 - 02370560 _____ (Farbar) C:\Users\PWS\Desktop\FRST64.exe 2015-12-26 12:03 - 2015-12-26 12:03 - 00047457 _____ C:\Users\PLF\Desktop\FRST1.txt 2015-12-26 12:00 - 2015-12-26 11:57 - 02370560 _____ (Farbar) C:\Users\PLF\Desktop\FRST64.exe 2015-12-26 11:57 - 2015-12-26 11:57 - 02370560 _____ (Farbar) C:\Users\PWS\Downloads\frst64.exe 2015-12-26 11:52 - 2015-12-26 11:52 - 00000000 ____D C:\Users\PWS\AppData\Local\Steam 2015-12-26 11:52 - 2015-12-26 11:52 - 00000000 ____D C:\Users\PWS\AppData\Local\GWX 2015-12-26 11:52 - 2015-12-26 11:52 - 00000000 ____D C:\Users\PWS\AppData\Local\CEF 2015-12-24 14:30 - 2015-12-24 14:30 - 00003760 _____ C:\{2DB8C4FA-A9AF-439D-A901-139351B7273F} 2015-12-24 12:17 - 2015-12-24 12:17 - 00011930 _____ C:\Users\PWS\Desktop\rk_B26D.tmp.txt 2015-12-22 17:21 - 2015-12-26 12:22 - 00003328 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 2015-12-21 20:39 - 2015-12-21 20:39 - 00000000 ____D C:\Users\PWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Run8 Version 12.16.2015 Upgrade 2015-12-21 20:36 - 2015-12-21 20:37 - 231134445 _____ C:\Users\PLF\Desktop\run8_upgrade_121615.exe 2015-12-11 12:38 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-11 12:38 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-11 12:38 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-11 12:38 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-11 12:38 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-11 12:38 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-11 12:38 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-11 12:38 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-11 12:38 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-11 12:38 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-11 12:38 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-11 12:38 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-11 12:38 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-11 12:38 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-11 12:38 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-12-11 12:38 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-11 12:38 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-11 12:38 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-11 12:38 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-11 12:38 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-11 12:38 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-11 12:38 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-11 12:38 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-11 12:38 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-11 12:38 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-12-11 12:38 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-11 12:38 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-11 12:38 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-11 12:38 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-12-11 12:38 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-11 12:38 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-11 12:38 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-11 12:38 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-11 12:38 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-11 12:38 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-11 12:38 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-12-11 12:38 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-11 12:38 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-12-11 12:38 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-12-11 12:38 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-12-11 12:38 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-11 12:38 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-11 12:38 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-12-11 12:38 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-12-11 12:38 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-11 12:38 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-12-11 12:38 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-11 12:38 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-12-11 12:38 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-11 12:38 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-12-11 12:38 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-11 12:38 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-12-11 12:38 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-11 12:38 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-11 12:38 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-11 12:38 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-12-11 12:38 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-11 12:38 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-11 12:38 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-11 12:38 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-11 12:38 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-11 12:38 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-11 12:38 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-11 12:38 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-11 12:38 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-11 12:38 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-11 12:38 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-11 12:38 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-11 12:38 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-11 12:38 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-11 12:38 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-11 12:38 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-11 12:38 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-11 12:38 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-11 12:38 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-11 12:38 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-11 12:38 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-11 12:38 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-11 12:38 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-11 12:38 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-11 12:38 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-11 12:38 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-11 12:38 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-11 12:38 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-11 12:38 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-11 12:38 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-11 12:38 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-11 12:38 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-11 12:38 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-11 12:38 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-11 12:38 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-11 12:38 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-12-11 12:38 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-11 12:38 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-12-11 12:38 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-11 12:38 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-11 12:38 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-11 12:38 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-12-11 12:38 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-11-26 16:30 - 2015-12-25 18:27 - 00003350 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-26 13:54 - 2015-08-01 09:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2015-12-26 13:54 - 2012-04-21 02:03 - 00000000 ____D C:\FRST 2015-12-26 13:53 - 2015-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Steam 2015-12-26 13:52 - 2015-02-21 00:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-26 13:52 - 2015-02-03 18:37 - 00003350 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000 2015-12-26 13:52 - 2014-06-07 12:21 - 00003212 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1000 2015-12-26 13:52 - 2014-04-24 21:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-26 13:51 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-26 12:27 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-26 12:27 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-26 12:22 - 2015-08-03 17:11 - 00003190 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001 2015-12-26 12:05 - 2012-03-30 08:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-26 12:01 - 2015-02-08 23:39 - 00047457 _____ C:\Users\PLF\Desktop\FRST.txt 2015-12-26 11:56 - 2015-02-21 00:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-26 11:55 - 2009-07-13 23:13 - 00797890 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-26 11:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf 2015-12-26 11:53 - 2013-02-25 21:20 - 00002028 _____ C:\Windows\Sandboxie.ini 2015-12-26 11:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows 2015-12-25 19:32 - 2011-12-29 13:47 - 00005840 _____ C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job 2015-12-25 18:27 - 2014-06-07 12:07 - 00003212 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001 2015-12-25 13:33 - 2011-12-18 13:43 - 00000000 ____D C:\ProgramData\Norton 2015-12-25 13:15 - 2015-02-22 19:20 - 00000000 ____D C:\Users\PLF\Desktop\FB pics 2015-12-24 16:52 - 2015-02-08 16:51 - 00000358 _____ C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job 2015-12-24 14:53 - 2015-02-08 16:51 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job 2015-12-24 12:17 - 2014-07-13 11:47 - 00000000 ____D C:\ProgramData\RogueKiller 2015-12-24 12:06 - 2014-07-13 11:47 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-12-24 12:04 - 2015-02-09 11:14 - 20834888 _____ C:\Users\PLF\Desktop\RogueKiller.exe 2015-12-19 19:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache 2015-12-17 13:13 - 2015-04-06 23:54 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-12-17 13:13 - 2015-04-06 23:54 - 00000000 ___SD C:\Windows\system32\GWX 2015-12-17 00:01 - 2015-11-07 12:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-12-16 23:57 - 2015-02-21 00:15 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-12 20:50 - 2009-07-13 22:45 - 00456512 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-11 15:31 - 2012-12-29 11:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-11 15:05 - 2013-07-16 16:09 - 00000000 ____D C:\Windows\system32\MRT 2015-12-11 13:31 - 2011-12-20 12:23 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-11 13:05 - 2012-03-30 08:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-11 13:05 - 2012-03-30 08:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-11 13:05 - 2011-12-26 00:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-05 00:51 - 2015-02-21 00:09 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-05 00:51 - 2015-02-21 00:09 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2011-12-18 17:16 - 2015-03-18 22:47 - 0000000 _____ () C:\Users\PWS\AppData\Roaming\FileIn.cns 2011-12-18 17:16 - 2015-03-18 22:47 - 0000000 _____ () C:\Users\PWS\AppData\Roaming\FileOut.cns 2013-07-29 08:44 - 2015-08-25 12:30 - 0007599 _____ () C:\Users\PWS\AppData\Local\Resmon.ResmonCfg 2014-10-23 21:07 - 2014-10-23 21:07 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== C:\Users\PWS\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-21 20:08 ==================== End of FRST.txt ============================

Hi, I had a drive by download attempt the other day from what appeared to be the angler exploit kit. It looks like my AV stopped the page redirect before it could get to the exploit kit and my browser was sandboxed at the time (I also have the log from when the AV stopped the redirect if you need it). But could one of you take quick look and see if anything got through? Thanks! Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015Ran by X (ATTENTION: The user is not administrator) on X (26-12-2015 12:00:33)Running from C:\Users\X\DesktopLoaded Profiles: X (Available Profiles: X & X)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exeFailed to access process -> csrss.exeFailed to access process -> wininit.exeFailed to access process -> services.exeFailed to access process -> lsass.exeFailed to access process -> lsm.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> SbieSvc.exeFailed to access process -> svchost.exeFailed to access process -> spoolsv.exeFailed to access process -> svchost.exeFailed to access process -> armsvc.exeFailed to access process -> AppleMobileDeviceService.exeFailed to access process -> atkexComSvc.exeFailed to access process -> aaHMSvc.exeFailed to access process -> AsSysCtrlService.exeFailed to access process -> mDNSResponder.exeFailed to access process -> AsHookDevice.exeFailed to access process -> svchost.exeFailed to access process -> LSSrvc.exeFailed to access process -> mbae-svc.exeFailed to access process -> mbamscheduler.exeFailed to access process -> mbae64.exeFailed to access process -> conhost.exeFailed to access process -> mbamservice.exeFailed to access process -> ccsvchst.exeFailed to access process -> svchost.exeFailed to access process -> svchost.exeFailed to access process -> rndlresolversvc.exeFailed to access process -> rpdsvc.exeFailed to access process -> RealPlayerUpdateSvc.exeFailed to access process -> Seagate.Dashboard.DASWindowsService.exeFailed to access process -> svchost.exeFailed to access process -> WLIDSVC.EXEFailed to access process -> WLIDSVCM.EXEFailed to access process -> WmiPrvSE.exeFailed to access process -> SearchIndexer.exeFailed to access process -> svchost.exeFailed to access process -> WUDFHost.exeFailed to access process -> NMIndexingService.exeFailed to access process -> iPodService.exeFailed to access process -> LMS.exeFailed to access process -> UNS.exeFailed to access process -> TrustedInstaller.exeFailed to access process -> svchost.exeFailed to access process -> taskeng.exeFailed to access process -> SearchProtocolHost.exeFailed to access process -> csrss.exeFailed to access process -> winlogon.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exeFailed to access process -> sppsvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coNatHst.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)HKLM-x32\...\Run: [ConnectionCenter] => "C:\Users\PWS\AppData\Local\Citrix\ICA Client\concentr.exe" /startupHKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-06-07] (RealNetworks, Inc.)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1454184 2012-05-04] (Seagate Technology LLC)HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company)HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [119440 2012-05-04] (Seagate Technology LLC)HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\asusvibelauncher.lnk [2012-12-25]ShortcutTarget: asusvibelauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-06-07]ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk [2015-11-22]ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)Startup: C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 6830.lnk [2015-12-26]ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 6830.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)GroupPolicy: Restriction - Chrome <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76Tcpip\..\Interfaces\{B572E52D-654C-4037-A505-6BF565430247}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-05-13] (RealDownloader)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2011-11-03] ()BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-05-13] (RealDownloader)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\IPS\IPSBHO.DLL [2012-08-10] (Symantec Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cabHandler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No FileFilter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-06-07] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-05-13] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-05-13] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-05-13] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-06-07] (RealPlayer Cloud)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not foundFF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2015-12-26]FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgnFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2013-03-28] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{7ADCCCD0-FDEC-4A18-A329-550A87710223}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-07] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn Chrome: =======CHR Profile: C:\Users\PLF\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-21]CHR Extension: (Google Docs) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]CHR Extension: (Google Drive) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]CHR Extension: (Norton Security Toolbar) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-08-06]CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-12-26]CHR Extension: (YouTube) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]CHR Extension: (Google Search) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]CHR Extension: (Google Sheets) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-21]CHR Extension: (Google Docs Offline) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-26]CHR Extension: (RealPlayer Downloader) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-02-21]CHR Extension: (Norton Identity Safe) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-21]CHR Extension: (Chrome Web Store Payments) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]CHR Extension: (Gmail) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-05-13]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] ()R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] ()R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-05-13] ()R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-07] () [File not signed]R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed]S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095824 2012-06-02] (Corel Corporation)R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [14496 2012-05-04] (Seagate Technology LLC)S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20151225.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-26] (Malwarebytes)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20151225.001\ENG64.SYS [138488 2015-11-24] (Symantec Corporation)R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20151225.001\EX64.SYS [2148080 2015-11-24] (Symantec Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation)R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-24] ()S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-26 12:00 - 2015-12-26 11:57 - 02370560 _____ (Farbar) C:\Users\X\Desktop\FRST64.exe2015-12-24 14:30 - 2015-12-24 14:30 - 00003760 _____ C:\{2DB8C4FA-A9AF-439D-A901-139351B7273F}2015-12-21 20:36 - 2015-12-21 20:37 - 231134445 _____ C:\Users\X\Desktop\run8_upgrade_121615.exe2015-12-11 12:38 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-12-11 12:38 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-12-11 12:38 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-12-11 12:38 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-12-11 12:38 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-12-11 12:38 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-12-11 12:38 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-12-11 12:38 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-12-11 12:38 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-12-11 12:38 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-12-11 12:38 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-12-11 12:38 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll2015-12-11 12:38 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll2015-12-11 12:38 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll2015-12-11 12:38 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll2015-12-11 12:38 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-12-11 12:38 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-12-11 12:38 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-12-11 12:38 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-12-11 12:38 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-12-11 12:38 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-12-11 12:38 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-12-11 12:38 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2015-12-11 12:38 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2015-12-11 12:38 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll2015-12-11 12:38 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2015-12-11 12:38 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll2015-12-11 12:38 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-12-11 12:38 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-12-11 12:38 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-12-11 12:38 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2015-12-11 12:38 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-12-11 12:38 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2015-12-11 12:38 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-12-11 12:38 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-12-11 12:38 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-12-11 12:38 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2015-12-11 12:38 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-12-11 12:38 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-12-11 12:38 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-12-11 12:38 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-12-11 12:38 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2015-12-11 12:38 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-12-11 12:38 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-12-11 12:38 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2015-12-11 12:38 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-12-11 12:38 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-12-11 12:38 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-12-11 12:38 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2015-12-11 12:38 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-12-11 12:38 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-12-11 12:38 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-12-11 12:38 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-12-11 12:38 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-12-11 12:38 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-12-11 12:38 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-12-11 12:38 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-12-11 12:38 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-12-11 12:38 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-12-11 12:38 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-12-11 12:38 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-12-11 12:38 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2015-12-11 12:38 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-12-11 12:38 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-12-11 12:38 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-12-11 12:38 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-12-11 12:38 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-12-11 12:38 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2015-12-11 12:38 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2015-12-11 12:38 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-12-11 12:38 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2015-12-11 12:38 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-12-11 12:38 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-12-11 12:38 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2015-12-11 12:38 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-12-11 12:38 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-12-11 12:38 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-12-11 12:38 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-12-11 12:38 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2015-12-11 12:38 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-12-11 12:38 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-12-11 12:38 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-12-11 12:38 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-12-11 12:38 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll2015-12-11 12:38 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll2015-12-11 12:38 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2015-12-11 12:38 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2015-12-11 12:38 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys2015-12-11 12:38 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll2015-12-11 12:38 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll2015-12-11 12:38 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll2015-12-11 12:38 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-26 12:00 - 2015-02-08 23:39 - 00030959 _____ C:\Users\X\Desktop\FRST.txt2015-12-26 12:00 - 2012-04-21 02:03 - 00000000 ____D C:\FRST2015-12-26 11:59 - 2015-02-21 00:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-12-26 11:57 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-12-26 11:57 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-12-26 11:56 - 2015-02-21 00:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-12-26 11:55 - 2009-07-13 23:13 - 00797890 _____ C:\Windows\system32\PerfStringBackup.INI2015-12-26 11:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf2015-12-26 11:53 - 2015-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Steam2015-12-26 11:53 - 2013-02-25 21:20 - 00002028 _____ C:\Windows\Sandboxie.ini2015-12-26 11:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows2015-12-26 11:52 - 2014-04-24 21:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-12-26 11:08 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-12-26 02:05 - 2012-03-30 08:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-12-25 19:32 - 2011-12-29 13:47 - 00005840 _____ C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job2015-12-25 13:33 - 2011-12-18 13:43 - 00000000 ____D C:\ProgramData\Norton2015-12-25 13:15 - 2015-02-22 19:20 - 00000000 ____D C:\Users\PLF\Desktop\FB pics2015-12-24 16:52 - 2015-02-08 16:51 - 00000358 _____ C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job2015-12-24 14:53 - 2015-02-08 16:51 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job2015-12-24 12:17 - 2014-07-13 11:47 - 00000000 ____D C:\ProgramData\RogueKiller2015-12-24 12:06 - 2014-07-13 11:47 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys2015-12-24 12:04 - 2015-02-09 11:14 - 20834888 _____ C:\Users\PLF\Desktop\RogueKiller.exe2015-12-19 19:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache2015-12-17 13:13 - 2015-04-06 23:54 - 00000000 ___SD C:\Windows\SysWOW64\GWX2015-12-17 13:13 - 2015-04-06 23:54 - 00000000 ___SD C:\Windows\system32\GWX2015-12-17 00:01 - 2015-11-07 12:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2015-12-16 23:57 - 2015-02-21 00:15 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-12-12 20:50 - 2009-07-13 22:45 - 00456512 _____ C:\Windows\system32\FNTCACHE.DAT2015-12-11 15:31 - 2012-12-29 11:38 - 00000000 ____D C:\ProgramData\Microsoft Help2015-12-11 15:05 - 2013-07-16 16:09 - 00000000 ____D C:\Windows\system32\MRT2015-12-11 13:31 - 2011-12-20 12:23 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-12-11 13:05 - 2012-03-30 08:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-12-11 13:05 - 2011-12-26 00:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileIn.cns2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileOut.cns2015-08-01 13:45 - 2015-08-01 13:45 - 0006656 _____ () C:\Users\PLF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-04-24 20:44 - 2015-11-22 19:00 - 0381228 _____ () C:\Users\PLF\AppData\Local\rx_image32.Cache2014-10-23 21:07 - 2014-10-23 21:07 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. The user is not administrator ==================== End of FRST.txt ============================

Thanks guys for your input. Scoop, that appears to be exactly what the issue was. Norton is my AV and the timeline and description of the issue in the link you provided fits perfectly. Of all the possibilities, I didn't think the AV would have been the cause of the issue, learn something new everyday! Thanks again!

Hi all, Last night I encountered an odd behavior for Internet Explorer. I had a webpage up for a while and all of the sudden the message "Internet Explorer has encountered a problem and needs to close" appeared and the program became unresponsive (IE has been working fine for me for years, this was the first time). So I closed and re-opened the program - same result but this time the message appeared as soon as the program opened. I then did some research and tried a few things to correct the issue, but no luck for any of them (below). I was able to get Chrome onto the machine through a thumb drive off another computer so I can at least access the internet. From the problem event name, it appears that the issue was a buffer overflow. I have the machine up to date with the latest patches. Do any of you experts have any suggestions to correct the issue? Ran IE without addons Reset IE Restarted the computer Re installed IE Ran IE outside of Sandboxie Disabled Malwarebytes anti exploit Below was the message found in the reliability history log: DescriptionFaulting Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Problem signatureProblem Event Name: BEXApplication Name: IEXPLORE.EXEApplication Version: 10.0.9200.17229Application Timestamp: 54b478dfFault Module Name: IPSEng32.dllFault Module Version: 14.2.1.9Fault Module Timestamp: 54c8223bException Offset: 000c61e2Exception Code: c0000417Exception Data: 00000000OS Version: 6.1.7601.2.1.0.768.3Locale ID: 1033Additional Information 1: 5d6eAdditional Information 2: 5d6ef9135253aecf38a5211f52813d05Additional Information 3: 0d78Additional Information 4: 0d78b5f7b5aa516f13d946df3667918d

Everything seems to be working ok. Thanks Kevin! We can close out.

The system seems to be working okay, no issues noticed. Thank you very much for giving the system a quick look! PayPal will be coming your way tomorrow. One question I've been meaning to ask. For a while, one svchost in task manager is taking up around 286,000k while the others are taking around 10,000k. In TCPview a svchost sometimes will connect to an address. Does this sound like normal behavior?

Thanks Kevin, logs below: RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : PWS [Administrator] Mode : Scan -- Date : 02/09/2015 11:19:40 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 14 ¤¤¤ [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 8 ¤¤¤ [suspicious.Path] \\PLF -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF.nji") -> Found [suspicious.Path] \\PLF Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF Merge.nji") -> Found [suspicious.Path] \\PLF1 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF1.nji") -> Found [suspicious.Path] \\PLF2 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF2.nji") -> Found [suspicious.Path] \\PLF3 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF3.nji") -> Found [suspicious.Path] \\PWS -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PWS\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PWS.nji") -> Found [suspicious.Path] \\PWS Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\PWS\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PWS Merge.nji") -> Found [suspicious.Path] \\PWS2 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PWS\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PWS2.nji") -> Found ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 2 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] ::1 localhost ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD20EARX-22PASB0 ATA Device +++++ --- User --- [MBR] d2716205458f24aa9a1397ad20eaac4f [bSP] b7f1af624ca415852c3eb9ae77b37bea : HP MBR Code Partition table: 0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29747200 | Size: 763090 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1592555520 | Size: 1130113 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive5: HP Officejet Pro 68 USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_SCN_07132014_125550.log - RKreport_SCN_12122014_233420.log - RKreport_SCN_12292014_235639.log HerdProtect: Saved date: 2/9/2015 1:01:00 PM Files detected: 84 Files scanned: 10,339 Processes scanned: 74 Modules scanned: 764 ASEPs scanned: 497 Downloads scanned: 2 Deep analysis: 2/0 --------------------------------------------------------------------------------- Files --------------------------------------------------------------------------------- File path: c:\program files (x86)\asus\ai suite ii\asroutinecontroller.exe Publisher: ASUSTeK Computer Inc. Signer: ASUSTeK Computer Inc. MD5: 576c72830e3fd6ace2910545b6130803 SHA-1: 0c6aa51f08695ed83472f35930006564c8bb5566 Created: 5/31/2011 3:54:22 PM Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Malware.XPACK/RDM!5.1 --------------------------------------------------------------------------------- File path: c:\program files (x86)\common files\ahead\lib\nmindexstoresvr.exe Publisher: Nero AG Signer: Nero AG MD5: ffbd5650348d4f9e0aa8e72938dc6478 SHA-1: 17a719cbf59a68c5c11bb030710c4e1e24576f10 Created: 6/27/2007 8:04:00 PM Detections: 1 Determination: Ignore detections (false positive) - Boost by Reason as Optional.NeroAG.P --------------------------------------------------------------------------------- File path: c:\program files (x86)\common files\ahead\lib\nmbgmonitor.exe Publisher: Nero AG Signer: Nero AG MD5: 86f0d0b3a07c142c81dab47e8495a822 SHA-1: 27179230ec6323d58bd51cdcfbfb6151a1a6f6ed Created: 6/27/2007 8:03:40 PM Detections: 2 Determination: Ignore detections (false positive) - Boost by Reason as Optional.Startup.NeroAG.L - Prevx as Heuristic: Suspicious Self Modifying File (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\asus\axsp\1.00.13\pebiosinterface32.dll Publisher: MD5: fdd0ca75e21bebdfd1dfcd94eaf21147 SHA-1: 8e8b626230e5609d7e19851d0fa11cb4cc9052da Created: 5/31/2011 3:54:01 PM Detections: 2 Determination: Ignore detections (false positive) - Trend Micro House Call as PAK_Generic.001 - Trend Micro as PAK_Generic.001 --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\core\nero.exe Publisher: Nero AG Signer: Nero AG MD5: 8f47a3c28086829f25251b763ff7509f SHA-1: 0a4f86789215592271e71fb4e7c68bccb5d70568 Created: 7/27/2007 12:40:06 PM Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Malware.XPACK/RDM!5.1 --------------------------------------------------------------------------------- File path: c:\program files (x86)\free m4a to mp3 converter\m4a_menu.dll Publisher: MD5: 22828e87a47716d1563663c939a3cd6d SHA-1: 190e89eda8c472ccee40873362a71fabd71bb1b9 Created: 12/30/2011 9:56:37 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as HW32.CDB (Undefined) --------------------------------------------------------------------------------- File path: c:\users\pws\downloads\mstspatch1.8.052113en\patch 1.8.052113en.exe Publisher: Lindersoft MD5: b81d2389c0fd6fe98b299019aefa9c99 SHA-1: 0c1f22897c8d43e26fbc0e419ff2d68b909c6e3e Created: 5/21/2008 2:58:48 PM Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Trojan/Packed (Undefined) --------------------------------------------------------------------------------- File path: c:\users\pws\desktop\otl.exe Publisher: OldTimer Tools MD5: be23867d18238526b9cddde6f1e3022a SHA-1: ca59f8a95d0acff2c1c759b83984af63c71e6ea9 Created: 5/5/2012 10:37:12 PM Detections: 4 Determination: Ignore detections (false positive) - Trend Micro House Call as TROJ_GEN.R06H1DS (Undefined) - eSafe as Suspicious File - Agnitum Outpost as Packed/PECompact - Antiy Labs AVL as Trojan/win32.agent.gen (Undefined) --------------------------------------------------------------------------------- File path: c:\users\pws\desktop\roguekiller.exe Publisher: Tigzy MD5: 1ef27dcca7f8ed4c23e1e060f1904ce1 SHA-1: 01c99c945be0da7da63dccfe6144792f9a422eb2 Created: 10/26/2012 4:30:37 PM Detections: 1 Determination: Ignore detections (false positive) - Trend Micro House Call as TROJ_GEN.F47V1024 (Undefined) --------------------------------------------------------------------------------- File path: c:\users\pws\desktop\securitycheck.exe Publisher: MD5: 31f3cf74759be9196408eebfe9e93626 SHA-1: 6a9c8da3e0edb9519d2a10ec02fc338126480a86 Created: 12/26/2012 11:23:59 PM Detections: 3 Determination: Inconclusive - Trend Micro House Call as TROJ_GEN.F47V1125 (Undefined) - Sophos as NirCmd - Antiy Labs AVL as Trojan/Win32.Chifrax.gen (Undefined) --------------------------------------------------------------------------------- File path: c:\users\pws\desktop\td35.exe Publisher: Signal Computer Consultants MD5: fdc53217d35607f89c42a6a20329b74e SHA-1: 8cd699480d30b80c149550b9de8a371d7b9e1630 Created: 4/27/2012 11:39:00 AM Detections: 1 Determination: Ignore detections (false positive) - CMC Antivirus as RemoteAdmin.Win32.WinVNC-based!O --------------------------------------------------------------------------------- File path: c:\users\pws\desktop\tfc.exe Publisher: OldTimer Tools MD5: 5b5d56738c261634c281c7ba1ca1a2df SHA-1: 0f5cb90f64e936e8de187e7eae5b6dbf085afc37 Created: 4/22/2012 11:16:10 AM Detections: 3 Determination: Ignore detections (false positive) - Bkav FE as HW32.CDB (Undefined) - Rising Antivirus as PE:Trojan.Win32.Generic.12723435!309474357 (Undefined) - AVG as Dropper.Generic9 (Undefined) --------------------------------------------------------------------------------- File path: c:\windows\syswow64\iscsicpl.dll Publisher: Microsoft Corporation MD5: f945adcef203e6104aec8ec9c337cfd0 SHA-1: 85fe50b2c2fcbec2c09c5039c8f8c1d38523780a Created: 7/13/2009 6:46:13 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as W32.HfsAutoA (Undefined) --------------------------------------------------------------------------------- File path: c:\programdata\application data\flexnet\connect\11\issch.exe Publisher: Flexera Software, Inc. Signer: Flexera Software, Inc. MD5: 452101503e1334511cb185081aec5e9d SHA-1: e2bd7151fec2013ae2f52f6c144fdc6ef89b187b Created: 5/21/2010 1:40:28 PM Detections: 1 Determination: Ignore detections (false positive) - Boost by Reason as Optional.FlexeraSoftware.F --------------------------------------------------------------------------------- File path: c:\programdata\application data\flexnet\connect\11\isusweb.dll Publisher: MD5: d41d8cd98f00b204e9800998ecf8427e SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Created: 5/17/2010 2:09:34 PM Detections: 5 Determination: Ignore detections (false positive) - Lavasoft Ad-Aware as Gen:Variant.Zusy.122341 (Undefined) - ESET NOD32 as Win32/Sality.NBA virus (Undefined) - Avira AntiVirus as TR/Dropper.Gen (Undefined) - Kaspersky as not-a-virus:WebToolbar.Win32.CrossRider (Adware) - Dr.Web as Adware.Downware.1751 (Adware) --------------------------------------------------------------------------------- File path: c:\programdata\application data\installmate\{4bb7a109-fdb5-45e3-9db9-ecb2ea7b80ee}\tsudll.dll Publisher: Tarma Software Research Pty Ltd Signer: Tarma Software Research Pty Ltd MD5: 1857130611ec555f0d0ca0ed34731121 SHA-1: fccd9eba37d3c0dd0d60713263527c15c62edea3 Created: 9/5/2013 7:00:45 PM Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Malware.XPACK/RDM!5.1 --------------------------------------------------------------------------------- File path: c:\programdata\application data\installmate\{84481a87-2316-4923-8fab-3ba8ca29323d}\tsudll.dll Publisher: Tarma Software Research Pty Ltd Signer: Tarma Software Research Pty Ltd MD5: 1857130611ec555f0d0ca0ed34731121 SHA-1: fccd9eba37d3c0dd0d60713263527c15c62edea3 Created: 12/29/2013 1:47:12 PM Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Malware.XPACK/RDM!5.1 --------------------------------------------------------------------------------- File path: c:\programdata\application data\macrovision\flexnet connect\11\agent.exe Publisher: Flexera Software, Inc. Signer: Flexera Software, Inc. MD5: fe5a7418919660104cdcdac1066a9021 SHA-1: 9fb60833413de41940e6f5fd426f448ec9e9f378 Created: 5/21/2010 1:40:38 PM Detections: 1 Determination: Ignore detections (false positive) - Boost by Reason as Optional.FlexeraSoftware.F --------------------------------------------------------------------------------- File path: c:\programdata\application data\macrovision\flexnet connect\6\agent.exe Publisher: Flexera Software, Inc. Signer: Flexera Software, Inc. MD5: cc2af4ea32a61c1df04437890523fced SHA-1: 33095693ad222509aae346619956107775f74ebe Created: 5/21/2010 1:40:36 PM Detections: 1 Determination: Ignore detections (false positive) - Boost by Reason as Optional.FlexeraSoftware.F --------------------------------------------------------------------------------- File path: c:\programdata\flexnet\connect\11\issch.exe Publisher: Flexera Software, Inc. Signer: Flexera Software, Inc. MD5: 452101503e1334511cb185081aec5e9d SHA-1: e2bd7151fec2013ae2f52f6c144fdc6ef89b187b Created: 5/21/2010 1:40:28 PM Detections: 1 Determination: Ignore detections (false positive) - Boost by Reason as Optional.FlexeraSoftware.F --------------------------------------------------------------------------------- File path: c:\programdata\flexnet\connect\11\isusweb.dll Publisher: MD5: d41d8cd98f00b204e9800998ecf8427e SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Created: 5/17/2010 2:09:34 PM Detections: 5 Determination: Ignore detections (false positive) - Lavasoft Ad-Aware as Gen:Variant.Zusy.122341 (Undefined) - ESET NOD32 as Win32/Sality.NBA virus (Undefined) - Avira AntiVirus as TR/Dropper.Gen (Undefined) - Kaspersky as not-a-virus:WebToolbar.Win32.CrossRider (Adware) - Dr.Web as Adware.Downware.1751 (Adware) --------------------------------------------------------------------------------- File path: c:\programdata\installmate\{4bb7a109-fdb5-45e3-9db9-ecb2ea7b80ee}\tsudll.dll Publisher: Tarma Software Research Pty Ltd Signer: Tarma Software Research Pty Ltd MD5: 1857130611ec555f0d0ca0ed34731121 SHA-1: fccd9eba37d3c0dd0d60713263527c15c62edea3 Created: 9/5/2013 7:00:45 PM Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Malware.XPACK/RDM!5.1 --------------------------------------------------------------------------------- File path: c:\programdata\installmate\{84481a87-2316-4923-8fab-3ba8ca29323d}\tsudll.dll Publisher: Tarma Software Research Pty Ltd Signer: Tarma Software Research Pty Ltd MD5: 1857130611ec555f0d0ca0ed34731121 SHA-1: fccd9eba37d3c0dd0d60713263527c15c62edea3 Created: 12/29/2013 1:47:12 PM Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Malware.XPACK/RDM!5.1 --------------------------------------------------------------------------------- File path: c:\programdata\macrovision\flexnet connect\11\agent.exe Publisher: Flexera Software, Inc. Signer: Flexera Software, Inc. MD5: fe5a7418919660104cdcdac1066a9021 SHA-1: 9fb60833413de41940e6f5fd426f448ec9e9f378 Created: 5/21/2010 1:40:38 PM Detections: 1 Determination: Ignore detections (false positive) - Boost by Reason as Optional.FlexeraSoftware.F --------------------------------------------------------------------------------- File path: c:\programdata\macrovision\flexnet connect\6\agent.exe Publisher: Flexera Software, Inc. Signer: Flexera Software, Inc. MD5: cc2af4ea32a61c1df04437890523fced SHA-1: 33095693ad222509aae346619956107775f74ebe Created: 5/21/2010 1:40:36 PM Detections: 1 Determination: Ignore detections (false positive) - Boost by Reason as Optional.FlexeraSoftware.F --------------------------------------------------------------------------------- File path: c:\users\pws\appdata\local\citrix\ica client\ctxmui.dll Publisher: Citrix Systems, Inc. Signer: Citrix Systems, Inc. MD5: bc068d663903d1fa569eb02b0a8ef692 SHA-1: 18fac09015232975b74eb73a490ef91260e8fea0 Created: 10/12/2010 4:32:02 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as HW32.Laneul (Undefined) --------------------------------------------------------------------------------- File path: c:\users\pws\appdata\local\citrix\ica client\resource\en\cstui.dll Publisher: Citrix Systems, Inc. Signer: Citrix Systems, Inc. MD5: 46f8b71289a5cdb0f4c67b7aad01873f SHA-1: eba69dd4bbbfd507e0a39eb1cb8fa97c5a1c0d41 Created: 10/12/2010 4:22:10 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as HW32.Stranfom (Undefined) --------------------------------------------------------------------------------- File path: c:\users\pws\appdata\local\citrix\ica client\resource\en\progressnotificationcommonui.dll Publisher: Citrix Systems, Inc. Signer: Citrix Systems, Inc. MD5: 0ba3e881e50c6cc5efe00205f8c54be5 SHA-1: edc3cd737897c9f08b08f63a318464671d6a113d Created: 10/12/2010 4:22:32 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as HW32.Stranfom (Undefined) --------------------------------------------------------------------------------- File path: c:\users\pws\appdata\local\citrix\ica client\resource\en\wfcrunui.dll Publisher: Citrix Systems, Inc. Signer: Citrix Systems, Inc. MD5: 204aa6d6f4e0ede48ce9f5ae0bea5e79 SHA-1: 13d4b776f60c995b98c509803c0b7d5a1c729b1c Created: 10/12/2010 4:24:36 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as HW32.Stranfom (Undefined) --------------------------------------------------------------------------------- File path: c:\Users\PWS\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe Publisher: RealNetworks, Inc. Signer: RealNetworks, Inc. MD5: 6a05110733966830f85bc2fe957c79eb SHA-1: ba8113ef98f537f7b0c2c56c87968625cba49f9b Created: 9/24/2012 1:26:49 PM Detections: 5 Determination: Inconclusive - Bkav FE as W32.Clod052.Trojan (Undefined) - nProtect as Trojan/W32.Agent.449176 (Undefined) - The Hacker as Trojan/Agent.bjvu (Undefined) - Trend Micro House Call as HV_AGENT_BK083C37.TOMC (Undefined) - Dr.Web as Trojan.Click2.59112 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\hp\hp officejet pro 6830\driverstore\yeti\v3\i386\unidrv.dll Publisher: Microsoft Corporation MD5: c53976c5d2437d3bb2a2c85f684e7018 SHA-1: 2f8cf8403e978330abedcf1c098e0f686761c17d Created: 6/20/2014 9:35:20 PM Detections: 1 Determination: Ignore detections (false positive) - AegisLab AV Signature as W32.W.Mabezat (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\uninst_msts patch 1.8.0521 en.exe Publisher: Lindersoft MD5: a24aa6931ef9d16dff5e70ec294cb94a SHA-1: 2596f73bdc11bb80c73f66033b5af0c6d3920bdc Created: 12/18/2011 4:59:56 PM Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Trojan/Packed (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\routes\sandpatch\uninstall\uninstall.exe Publisher: MD5: f0dd33bfdfee3841340b935872cd1fd4 SHA-1: 0ce5c10df6090de3f880e84ce483f494d0eb4279 Created: 12/18/2011 5:05:15 PM Detections: 3 Determination: Inconclusive - nProtect as Trojan/W32.Agent.79813 (Undefined) - The Hacker as Trojan/VB.zp (Undefined) - AhnLab V3 Security as Dropper/Malware.79813 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\routes\usa1\activities\7017.exe Publisher: MD5: 6dd271507796760247650fa134ed2fd6 SHA-1: be17e628df21358cb828d85cbcd116f875260d92 Created: 12/18/2011 5:04:29 PM Detections: 1 Determination: Inconclusive - ESET NOD32 as Detection.Undefined (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\bn_eng_setup.exe Publisher: MD5: 6ec9a8d7c81f77ad3b7904046893e21b SHA-1: 5d9e66dd2fd27876d1c3fbed36d59b67399e1dcc Created: 12/18/2011 4:59:56 PM Detections: 1 Determination: Ignore detections (false positive) - Sunbelt AntiMalware as Trojan-Spy.Win32.Banpaes.X (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\cnsd60f.exe Publisher: MD5: 43ae4c981e95ce45e925830225d889f4 SHA-1: 7fdd547ddb4a43bf36c8d56e5c6a2b10d9dad383 Created: 12/18/2011 4:59:57 PM Detections: 1 Determination: Ignore detections (false positive) - CMC Antivirus as Server-FTP.Win32.SlimFTPd!O (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\mbtaf45.exe Publisher: MD5: 49aa010792b1cc707e91255bd39a65bf SHA-1: ea4d191da2d7c6809085ed0ddc40f55dca5293f4 Created: 12/18/2011 4:59:57 PM Detections: 2 Determination: Ignore detections (false positive) - CMC Antivirus as Backdoor.Win32.DSSdoor!O (Undefined) - Antiy Labs AVL as Trojan[backdoor]/Win32.DSSdoor (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\bn_sd9\t-trains_sd9.exe Publisher: MD5: 93de5d0124a42fa9551d0f9791947711 SHA-1: 9a6fdf6d0246e927cf9eaf4e2d30e2cb42857d25 Created: 12/18/2011 5:02:38 PM Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Virus.Win32.Part.a (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\coaster msts\coaster.exe Publisher: MD5: 6af0667097ff5fc67fac76e0ec0ec841 SHA-1: 2d848b202c81e14b81ddd07b70088c90f7b73499 Created: 12/18/2011 5:02:30 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as W32.SevenyearsK1.Trojan (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\coaster msts\coasteractivity.exe Publisher: MD5: f085d706abe5c4e9583edec342775594 SHA-1: b81e2b31e22a834741b8faafd270c70b6eced5a0 Created: 12/18/2011 5:02:30 PM Detections: 3 Determination: Inconclusive - Bkav FE as W32.SevenyearsK1.Trojan (Undefined) - Trend Micro House Call as PAK_Generic.005 - Trend Micro as PAK_Generic.005 --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\coaster msts\coasterconsists.exe Publisher: MD5: 9f44814e49eeed255cbd458378df745a SHA-1: beb8de72d12ec0d0b4d494b1c741d3f6191bcad5 Created: 12/18/2011 5:02:30 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as W32.SevenyearsK1.Trojan (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\common.snd\genesis\gen_snd2.exe Publisher: MD5: ff97ad3e7f646e0facf0119af630c572 SHA-1: 202ab810d70c335a13b2c020e29fa29ffbe5fc71 Created: 12/18/2011 5:02:19 PM Detections: 2 Determination: Ignore detections (false positive) - Jiangmin as Client-IRC.mIRC.o (Undefined) - ByteHero BDV as Virus.Win32.Part.a (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\cstr2103\coaster_f40ph_2103.exe Publisher: MD5: ccffaa319d84d8b93a257c99a47b363f SHA-1: 7ed02edba6936b4c8d6c584779adae502e2e2e76 Created: 12/18/2011 5:02:13 PM Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Virus.Win32.Part.a (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\cta2400\cta2400.exe Publisher: MD5: 2d443da912b83f1d36ced19b9e417f20 SHA-1: 0dca31702703738c164ebb8e31423a16d50f1dc6 Created: 12/18/2011 5:02:07 PM Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Virus.Win32.Part.a (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\f40pat\f40_pat1\f40_pat1.exe Publisher: MD5: fb85bfb4615e29ca490c45eb62330668 SHA-1: 2a4cb3534b0af3d2d12799e3c21e3e93d009f520 Created: 12/18/2011 5:02:05 PM Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Virus.Win32.Part.a (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\hhp\gp40_snd\gp40_snd.exe Publisher: MD5: 50f80345935612aa20c56bbad2e48761 SHA-1: 0c273f3c49eaff4c1b046082778f98a24a3f7763 Created: 12/18/2011 5:01:51 PM Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Virus.Win32.Part.a (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\metxf40\install.exe Publisher: MD5: 920fefc557f86a462ecb1f7cbcf4a29d SHA-1: fba4449016f784aa9c17243567e5a78438d6d22e Created: 12/18/2011 5:01:42 PM Detections: 2 Determination: Ignore detections (false positive) - The Hacker as Backdoor/mIRC-based.d (Undefined) - Jiangmin as Backdoor/IRCBot.khl (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\new folder\f45cab.exe Publisher: MD5: 6f3a22743ad1ece7084ef5c3fa73adaf SHA-1: 342657fc9f7a14cb5f88529286af116232577973 Created: 12/18/2011 5:01:15 PM Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Virus.Win32.Part.a (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\microsoft games\train simulator\trains\trainset\nycfreewaresetup\nycfreewaresetup.exe Publisher: MD5: 1571fd4ef8b0029fc11c7fc3fda34248 SHA-1: ee40819bb73b4c43aa6d3360940f815716149a04 Created: 12/18/2011 5:01:09 PM Detections: 1 Determination: Ignore detections (false positive) - CMC Antivirus as Trojan-Dropper.Win32.Halk!O (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\td3\metra-elgin1.exe Publisher: MD5: aa53b720101a9ec34f0b351fd065edfc SHA-1: 49842d2bde6a67ac3bcba2d7e7b65ece4620f45f Created: 12/18/2011 2:25:17 PM Detections: 2 Determination: Ignore detections (false positive) - The Hacker as Trojan/Avanzado (Undefined) - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\td3\t418.exe Publisher: MD5: 918d23c799f67568744c36a2144d5c86 SHA-1: c19f04cb59cb132a4a0827922ba462f92e6ebe10 Created: 12/18/2011 2:25:14 PM Detections: 2 Determination: Ignore detections (false positive) - The Hacker as Trojan/Avanzado (Undefined) - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files\train simulator\uninst_msts patch 1.8.0521 en.exe Publisher: Lindersoft MD5: a24aa6931ef9d16dff5e70ec294cb94a SHA-1: 2596f73bdc11bb80c73f66033b5af0c6d3920bdc Created: 12/18/2011 4:59:16 PM Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Trojan/Packed (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\asus\ai manager\page\isecurity.dll Publisher: ASUSTeK MD5: 5943eb1b1bd7e41878df610776981fcd SHA-1: 6c8ed025ae0f9d83ca497504d9d4910b4abc7bb9 Created: 5/31/2011 3:53:53 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as HW32.Pedka (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\asus\ai suite ii\sensor graph\aahmlib_graph.dll Publisher: MD5: b3e8652841e38ec2559347dd77666329 SHA-1: f017ef3cfda93854a51451375b7494faec826686 Created: 5/31/2011 3:54:25 PM Detections: 1 Determination: Ignore detections (false positive) - McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious.H --------------------------------------------------------------------------------- File path: c:\program files (x86)\billp studios\winpatrol\sqlite3.dll Publisher: MD5: da991d435930f6adc5c570e2284f73f6 SHA-1: d10ec559487a3db7f5073e54daa21a81f270b529 Created: 11/27/2012 10:19:37 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as W32.HfsAutoB (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\common files\ahead\lib\nmbcwriter.exe Publisher: Nero AG Signer: Nero AG MD5: d573bd732632d885b0f0e7468fdc9b78 SHA-1: 746da90b9c8ef13d2155ba216eaddb13ae0ce2d1 Created: 6/27/2007 8:03:38 PM Detections: 1 Determination: Ignore detections (false positive) - WebWasher Gateway as BlockReason.0 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\common files\ahead\nas\vis_nas.dll Publisher: Nero AG Signer: Nero AG MD5: 3f350e67d820c4853d3619786246c1f9 SHA-1: 25fa7c18dcf95d1039509c2b333964eb4ad3c63c Created: 6/27/2007 8:02:48 PM Detections: 1 Determination: Ignore detections (false positive) - Clam AntiVirus as PUA.Packed.ASPack --------------------------------------------------------------------------------- File path: c:\program files (x86)\common files\ahead\remotecontrol\neroremotectrlhandler.exe Publisher: Nero AG Signer: Nero AG MD5: ef2e5b7cf0da165f5abfe0c707ba797b SHA-1: 69920e307450ff52b849e2f98acd0a2a85733b52 Created: 6/27/2007 8:03:20 PM Detections: 1 Determination: Ignore detections (false positive) - WebWasher Gateway as BlockReason.0 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\common files\roxio shared\9.0\divx\divx.dll Publisher: DivX, Inc. Signer: DivX, Inc. MD5: 799e5d243a168bdb4671c5df9a154540 SHA-1: f2beec7807bc263350323c88b41f5bfe45d0a9d4 Created: 6/16/2008 1:12:36 PM Detections: 2 Determination: Ignore detections (false positive) - eSafe as Suspicious File - Clam AntiVirus as PUA.Packed.PECompact-1 --------------------------------------------------------------------------------- File path: c:\program files (x86)\common files\roxio shared\roxiosharedapi\stdole.dll Publisher: Microsoft Corporation MD5: 2878e2cea511af5562dad618218c632a SHA-1: e0b783b11ee1c030c7339720f9746eeff3a18303 Created: 10/23/2008 12:47:06 PM Detections: 1 Determination: Ignore detections (false positive) - Emsisoft Anti-Malware as Gen:Variant.Kazy.290352 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\erunt\autoback.exe Publisher: MD5: e00de20f0f6bed5cd2160247ddc9443b SHA-1: 73a0f69e8deb45974c6d64ccc946fc9a8b86d493 Created: 10/20/2005 12:04:08 PM Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Posible_Worm32 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\free m4a to mp3 converter\bass_alac.dll Publisher: MaresWEB MD5: e5e6efa3505b93fc0962e9d4ead609e3 SHA-1: fb39a571f87b83e8f06dd60a82728acfea85048c Created: 12/30/2011 9:56:36 PM Detections: 1 Determination: Ignore detections (false positive) - Bkav FE as HW32.CDB (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\hp photo creations\uninst.exe Publisher: Signer: Visan Industries MD5: 5a18957d6a3f95983149d6407136bcaf SHA-1: 3f2247699064799ecdb2e7792bc62125f0f07755 Created: 3/20/2012 2:00:02 PM Detections: 1 Determination: Ignore detections (false positive) - Trend Micro House Call as HV_ZYX_CA2255FC.TOMC (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\microsoft games\flight simulator 9\fs9.exe Publisher: Microsoft Corporation MD5: a5af28914637d2d6ee2174f52dd366fb SHA-1: 9b0d9cca99ae93ac663b0695d650b73371109a9e Created: 6/12/2003 10:07:49 PM Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Malware.XPACK-LNR/Heur!1.5594 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\microsoft games\flight simulator 9\uninstal.exe Publisher: Microsoft Corporation MD5: 5f434096437050003ae46009ddffbcc6 SHA-1: 582675b2d79d8b996312540f57419c998fcce0a1 Created: 6/13/2003 1:02:27 AM Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as PE:Trojan.DL.Zlob!1.6606 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\microsoft games\train simulator\mstsbin installer.exe Publisher: MD5: a24b149b55707931ef1e6fdc92ebe418 SHA-1: 558a57bf0763946a3c2d8172e9b58d4d973fbfa7 Created: 5/11/2013 6:43:45 PM Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Backdoor/Delf.abve (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\microsoft games\train simulator\uninst_msts patch 1.8.0521 en.exe Publisher: Lindersoft MD5: a24aa6931ef9d16dff5e70ec294cb94a SHA-1: 2596f73bdc11bb80c73f66033b5af0c6d3920bdc Created: 12/28/2011 10:30:50 PM Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Trojan/Packed (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\microsoft games\train simulator\trains\trainset\common.snd\genesis\gen_snd2.exe Publisher: MD5: ff97ad3e7f646e0facf0119af630c572 SHA-1: 202ab810d70c335a13b2c020e29fa29ffbe5fc71 Created: 2/19/2012 12:02:13 PM Detections: 2 Determination: Ignore detections (false positive) - Jiangmin as Client-IRC.mIRC.o (Undefined) - ByteHero BDV as Virus.Win32.Part.a (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\core\audiopluginmgr.dll Publisher: Nero AG Signer: Nero AG MD5: fceebcacc5a42ddfcd552ec54946160e SHA-1: 3c6a039a44860c1e33413dab88e1e7b3fdd588ae Created: 6/22/2007 4:34:42 PM Detections: 1 Determination: Ignore detections (false positive) - Sunbelt AntiMalware as Trojan-Downloader.S (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero backitup\nerofiles\neroapi.dll Publisher: Nero AG Signer: Nero AG MD5: 43a4e262475d9a1b7fd71741bb862b2f SHA-1: 12cebcd4f2404667f263c71b90c86e0e7e802caf Created: 9/10/2007 11:00:54 AM Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Trojan.Malware.Win32.xPack.g (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero coverdesigner\coverdes.exe Publisher: Nero AG Signer: Nero AG MD5: 3df4066b2104f646895147b16472b22b SHA-1: 33843c2363e19b7bd6fde4e742c151dd573c629e Created: 7/24/2007 4:43:36 PM Detections: 1 Determination: Ignore detections (false positive) - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero home\nerohome.exe Publisher: Nero AG Signer: Nero AG MD5: 7f471d168b27e4fd7005f42d5449bdd6 SHA-1: 546bf3536d0162684cf0166adfd4a7823e006c56 Created: 6/27/2007 8:02:38 PM Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Trojan/KillAV.nhz (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero mediahome\neromediahome.exe Publisher: Nero AG Signer: Nero AG MD5: f679dbb4694fd402921b064840f5f65e SHA-1: 11b3d38909770a80754c45771a1cbcf898455129 Created: 6/27/2007 8:04:52 PM Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Trojan/KillAV.nhz (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero photosnap\photosnap.exe Publisher: Nero AG Signer: Nero AG MD5: 78f72e57307744a22f38ae7fdab0af57 SHA-1: d8210baca3fe828ea9599d2492fe3a4fd9265a14 Created: 5/23/2007 11:08:06 AM Detections: 1 Determination: Ignore detections (false positive) - The Hacker as Trojan/KillAV.nhz (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero vision\dvdblockacc.dll Publisher: Nero AG Signer: Nero AG MD5: c7b21be6f8df776909a1bde4723af5e5 SHA-1: 2ee7f256e102be8f9ab102c3ffd1657b3603679c Created: 9/10/2007 11:02:02 AM Detections: 1 Determination: Ignore detections (false positive) - Rising Antivirus as Suspicious --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero vision\dvddoc.dll Publisher: Nero AG Signer: Nero AG MD5: 3241530d2e9915d5f259afe1f6a5d5a4 SHA-1: 764e0dbd7202759be4d89d10a627589157c29777 Created: 8/3/2007 3:58:02 PM Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Trojan.Malware.Win32.xPack.g (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero vision\htmlgallery.dll Publisher: Nero AG Signer: Nero AG MD5: 06aa74a60a1e7ed2b2b036599be40b44 SHA-1: f8fa252de47393eafb0881b2d0dbe4bcf19a0e45 Created: 8/3/2007 3:58:36 PM Detections: 1 Determination: Ignore detections (false positive) - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero vision\nerovision.exe Publisher: Nero AG Signer: Nero AG MD5: 300be75501fd44c4cc513b11dcc89523 SHA-1: 88f4192039bb0ffcd61ef68ac655db4e6d6a3f83 Created: 8/3/2007 3:58:36 PM Detections: 1 Determination: Ignore detections (false positive) - Avira AntiVirus as TR/Agent.1042480 (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\nero\nero 7\nero vision\vcdlib.dll Publisher: Nero AG Signer: Nero AG MD5: a726ffb862bd8322d90380d71a6d65cf SHA-1: 03baf21bc4b286fff75c1b726b59ea02f17efa22 Created: 8/3/2007 3:58:48 PM Detections: 1 Determination: Ignore detections (false positive) - ByteHero BDV as Trojan.Malware.Win32.xPack.g (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\real\realplayer\setup\vc9_runtime.msi Publisher: MD5: 40a13534ba71777483a8e6cefb0c60d8 SHA-1: 5eb25bd3a5a77167c4e50a00c90bfdbdd1870b94 Created: 6/7/2014 1:19:58 PM Detections: 1 Determination: Ignore detections (false positive) - eSafe as Suspicious File --------------------------------------------------------------------------------- File path: c:\program files (x86)\roxio 2012\virtual drive\emudisk\winnt\amd64\c2scsi64.sys Publisher: Sonic Solutions Signer: Sonic Solutions MD5: 59626ab5920f316bdbfdc8b47521a882 SHA-1: d305e23e6ce6af46502aacbfb9dedef23b673458 Created: 6/6/2012 11:41:06 AM Detections: 1 Determination: Ignore detections (false positive) - Fortinet FortiGate as W32/Swisyn.AMLS!tr (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\seagate\seagate dashboard 2.0\microsoft.practices.servicelocation.dll Publisher: Microsoft Signer: Microsoft Corporation MD5: 6df78bb163d443d95b21f58808320af7 SHA-1: a0263ec61435d1ee4c18a92a06ac3ea2c42eb730 Created: 4/1/2012 4:42:50 PM Detections: 1 Determination: Inconclusive - XVirus List as Win.Detected (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\seagate\seagate dashboard 2.0\de-de\backitup.resources.dll Publisher: Nero AG Signer: Nero AG MD5: 81602be7c5b50c2ff13be844c82bedb2 SHA-1: c3c1af458a817b840d6f630f1b724fb5e89a5df0 Created: 4/1/2012 4:42:46 PM Detections: 1 Determination: Ignore detections (false positive) - Jiangmin as Backdoor/VB.bhx (Undefined) --------------------------------------------------------------------------------- File path: c:\program files (x86)\seagate\seagate dashboard 2.0\en-us\backitup.resources.dll Publisher: Nero AG Signer: Nero AG MD5: 3cbed9009bf054f1097f3f377bf98718 SHA-1: d411a7676bfd307980f71350501fb188dfcf01cd Created: 4/1/2012 4:42:46 PM Detections: 1 Determination: Ignore detections (false positive) - Jiangmin as Backdoor/VB.bhx (Undefined)

Hi, Today I had a drive by download attempt on my computer. My AV stated that it blocked it and I was running Sandboxie at the time as well, but the exploit page did display and it froze my browser pretty good. Afterwards I ran a quick scan with my AV and MBAM and both came up clean. Could one of you take a quick look just to be sure nothing got through? FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by PLF (ATTENTION: The logged in user is not administrator) on SD70 on 08-02-2015 23:39:55 Running from C:\Users\PLF\Desktop Loaded Profiles: PLF (Available profiles: PWS & PLF) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> winlogon.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> lsm.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> SbieSvc.exe Failed to access process -> svchost.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> armsvc.exe Failed to access process -> AppleMobileDeviceService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe Failed to access process -> atkexComSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe Failed to access process -> aaHMSvc.exe Failed to access process -> AsSysCtrlService.exe Failed to access process -> mDNSResponder.exe Failed to access process -> AsHookDevice.exe Failed to access process -> LSSrvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe Failed to access process -> mbae-svc.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe Failed to access process -> mbae64.exe Failed to access process -> mbamscheduler.exe Failed to access process -> conhost.exe Failed to access process -> mbamservice.exe Failed to access process -> ccsvchst.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> rndlresolversvc.exe Failed to access process -> rpdsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe Failed to access process -> RealPlayerUpdateSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe Failed to access process -> Seagate.Dashboard.DASWindowsService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe Failed to access process -> svchost.exe Failed to access process -> WLIDSVC.EXE Failed to access process -> WLIDSVCM.EXE Failed to access process -> WmiPrvSE.exe Failed to access process -> NMIndexingService.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe Failed to access process -> iPodService.exe Failed to access process -> SearchIndexer.exe Failed to access process -> svchost.exe Failed to access process -> SearchProtocolHost.exe Failed to access process -> WUDFHost.exe Failed to access process -> SearchFilterHost.exe Failed to access process -> svchost.exe Failed to access process -> SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Failed to access process -> LMS.exe Failed to access process -> sppsvc.exe Failed to access process -> taskeng.exe Failed to access process -> UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [ConnectionCenter] => "C:\Users\PWS\AppData\Local\Citrix\ICA Client\concentr.exe" /startup HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1454184 2012-05-04] (Seagate Technology LLC) HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-06-07] (RealNetworks, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company) HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [119440 2012-05-04] (Seagate Technology LLC) HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC) HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\asusvibelauncher.lnk ShortcutTarget: asusvibelauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 6830.lnk ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 6830.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll (Symantec Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/ HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/ SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll () BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll () Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2015-02-08] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013-10-09] FF HKLM-x32\...\Firefox\Extensions: [{7ADCCCD0-FDEC-4A18-A329-550A87710223}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-07] Chrome: ======= CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-05-13] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] () R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] () R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-05-13] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-07] () [File not signed] R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed] S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095824 2012-06-02] (Corel Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC) R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [14496 2012-05-04] (Seagate Technology LLC) S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] () R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] () R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] () R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20150206.001\IDSvia64.sys [669400 2015-02-05] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150208.001\ENG64.SYS [129752 2015-01-20] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150208.001\EX64.SYS [2137304 2015-01-20] (Symantec Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 23:39 - 2015-02-08 23:40 - 00026505 _____ () C:\Users\PLF\Desktop\FRST.txt 2015-02-08 23:34 - 2015-02-08 23:34 - 02132992 _____ (Farbar) C:\Users\PLF\Desktop\FRST64.exe 2015-02-08 16:51 - 2015-02-08 16:55 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job 2015-02-08 16:51 - 2015-02-08 16:55 - 00000358 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job 2015-02-02 21:03 - 2015-02-02 21:03 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-02 21:03 - 2015-02-02 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-02 21:02 - 2015-02-02 21:03 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-02 21:02 - 2015-02-02 21:03 - 00000000 ____D () C:\Program Files\iTunes 2015-02-02 21:02 - 2015-02-02 21:02 - 00000000 ____D () C:\Program Files\iPod 2015-02-02 21:02 - 2015-02-02 21:02 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-23 22:24 - 2015-01-23 22:24 - 00852573 _____ () C:\Users\PLF\Desktop\securitycheck.exe 2015-01-21 15:06 - 2015-01-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auran 2015-01-21 15:05 - 2015-01-21 15:05 - 00001684 _____ () C:\Users\Public\Desktop\TC.lnk 2015-01-21 15:05 - 2015-01-21 15:05 - 00000000 ____D () C:\Program Files (x86)\Auran 2015-01-19 00:41 - 2015-01-19 00:41 - 00002204 _____ () C:\Users\Public\Desktop\HP Officejet Pro 6830.lnk 2015-01-19 00:41 - 2015-01-19 00:41 - 00001156 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 6830.lnk 2015-01-19 00:41 - 2014-07-18 19:48 - 00763968 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPM7212.dll 2015-01-15 18:47 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-15 18:47 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-15 18:47 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-15 18:47 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-15 18:47 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-15 18:47 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-15 18:47 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-15 18:47 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-15 18:47 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-15 18:47 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-15 18:47 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-15 18:47 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-15 18:47 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 23:40 - 2011-12-18 12:16 - 01299965 _____ () C:\Windows\WindowsUpdate.log 2015-02-08 23:39 - 2012-04-21 02:03 - 00000000 ____D () C:\FRST 2015-02-08 23:36 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-08 23:36 - 2009-07-13 22:51 - 00152004 _____ () C:\Windows\setupact.log 2015-02-08 23:35 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-08 23:35 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-08 23:30 - 2014-04-24 21:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-08 23:13 - 2013-02-25 21:20 - 00001676 _____ () C:\Windows\Sandboxie.ini 2015-02-08 23:05 - 2012-03-30 08:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-08 22:31 - 2014-09-20 10:22 - 00000000 ____D () C:\Users\PLF\Documents\Flight Simulator Files 2015-02-05 23:14 - 2011-12-18 13:43 - 00000000 ____D () C:\ProgramData\Norton 2015-02-05 23:05 - 2012-03-30 08:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 23:05 - 2011-12-26 00:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-03 18:39 - 2012-08-15 20:19 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-03 18:39 - 2012-08-15 20:19 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2015-02-03 18:31 - 2012-08-28 16:23 - 00000000 ____D () C:\Users\PLF\AppData\Roaming\Apple Computer 2015-02-02 21:02 - 2011-12-18 14:29 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-02 20:22 - 2010-11-20 21:47 - 00926980 _____ () C:\Windows\PFRO.log 2015-02-01 15:15 - 2014-07-27 22:29 - 00000000 ____D () C:\Users\PLF\Desktop\sunset pics 2015-01-31 12:51 - 2012-12-11 22:47 - 00000000 ____D () C:\Users\PLF\Desktop\Metra AC 2015-01-21 15:31 - 2012-09-01 00:47 - 00000000 ____D () C:\Users\PLF\AppData\Local\CrashDumps 2015-01-21 15:09 - 2011-05-31 15:02 - 00038578 _____ () C:\Windows\DirectX.log 2015-01-21 15:04 - 2011-12-18 12:24 - 00000000 ____D () C:\Users\PWS 2015-01-19 00:56 - 2011-12-29 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-01-19 00:56 - 2011-12-29 13:43 - 00000000 ____D () C:\Program Files (x86)\HP 2015-01-19 00:56 - 2011-12-29 13:42 - 00000000 ____D () C:\Program Files\HP 2015-01-19 00:43 - 2012-08-28 22:35 - 00000000 ____D () C:\Users\PLF\AppData\Local\HP 2015-01-19 00:41 - 2011-12-29 13:43 - 00000000 ____D () C:\ProgramData\HP 2015-01-19 00:19 - 2009-07-13 23:13 - 00797890 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-16 00:11 - 2013-07-16 16:09 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-16 00:03 - 2011-12-20 12:23 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileIn.cns 2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileOut.cns 2013-04-24 20:44 - 2014-11-16 21:40 - 0299308 _____ () C:\Users\PLF\AppData\Local\rx_image32.Cache 2014-10-23 21:07 - 2014-10-23 21:07 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information. ==================== End Of Log ============================ Additon.TXT: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015 Ran by PLF at 2015-02-08 23:40:38 Running from C:\Users\PLF\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.12 - ASUSTeK) Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.10 - ASUSTeK Computer Inc.) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.628 - ASUSTEK) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC) Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.) Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) EMET (HKLM-x32\...\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}) (Version: 3.0.0 - Microsoft) ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.) HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard) HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard) HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LightScribe System Software 1.10.13.1 (x32 Version: 1.10.13.1 - http://www.lightscribe.com) Hidden Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSTS Patch 1.8.0521 EN (HKLM-x32\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Nero 7 Essentials (HKLM-x32\...\{8E72B982-D54F-486F-B35A-C24B6F171033}) (Version: 7.03.0581 - Nero AG) Norton Security Suite (HKLM-x32\...\N360) (Version: 20.6.0.27 - Symantec Corporation) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) RailDriver for MSTS (HKLM-x32\...\{32C47C66-6393-413B-92D6-295E8A1D65DC}) (Version: - ) RealDownloader (x32 Version: 17.0.10 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Roxio Easy Video Copy and Convert 5 (HKLM-x32\...\{DC7FB4DA-8260-472E-8A31-88712EE14BBE}) (Version: 5.0 - Roxio) Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.) Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC) Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.0.29.0 - Seagate) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) TC (HKLM-x32\...\{9D244037-7E69-4D6E-9729-0797D9294831}) (Version: 1.00.000 - ) Track Builder 3 (HKLM-x32\...\{0D4999B8-3990-4026-A744-D842CE8C886A}) (Version: 3.1 - Signal Computer Consultants) Train Dispatcher 3 (HKLM-x32\...\{1306CFD5-28AE-486C-A298-90B50DA5DC5E}) (Version: 3.1 - Signal Computer Consultants) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios) WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy) WOT for Internet Explorer (HKLM-x32\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2012-04-21 19:42 - 00000098 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\hpwebreg_CN18IDM234.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exe Task: C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exe Task: C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job => ? Task: C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job => ? ==================== Loaded Modules (whitelisted) ============== 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-809943335-2564626158-2276789416-500 - Administrator - Disabled) Guest (S-1-5-21-809943335-2564626158-2276789416-501 - Limited - Disabled) PLF (S-1-5-21-809943335-2564626158-2276789416-1001 - Limited - Enabled) => C:\Users\PLF PWS (S-1-5-21-809943335-2564626158-2276789416-1000 - Administrator - Enabled) => C:\Users\PWS ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (01/27/2015 10:03:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/27/2015 10:03:07 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/26/2015 08:09:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (02/08/2015 11:37:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (02/08/2015 11:29:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (02/08/2015 04:56:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (02/08/2015 04:50:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (02/08/2015 03:26:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (02/08/2015 00:12:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (02/07/2015 00:17:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (02/05/2015 10:12:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (02/04/2015 08:07:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Error: (02/03/2015 06:41:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Defender service terminated with the following error: %%126 Microsoft Office Sessions: ========================= Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second Error: (01/27/2015 10:03:55 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (01/27/2015 10:03:07 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{DDA3E863-CD90-4180-80A2-A1522ECC9531}\recordingmanager.exe Error: (01/26/2015 08:09:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe ==================== Memory info =========================== Processor: Intel® Core i5-2320 CPU @ 3.00GHz Percentage of memory in use: 18% Total physical RAM: 12199.23 MB Available physical RAM: 9962.18 MB Total Pagefile: 24396.64 MB Available Pagefile: 22129.37 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:651.79 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:1103.63 GB) (Free:700.75 GB) NTFS Drive e: (FS_DISC4) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================

Gringo, The computer is working good, I don't see any other issues. Thank you very much again for your help! :-) A donation will be coming your way shortly.

Gringo, I ran the bat file and it worked without issues. I need to sign off for tonight but if its okay with you I'd like to just use the computer a little more tomorrow to see if I notice anything amiss. It seems to be working okay now but I want to be sure while we have the topic still open. I'll get back to you tomorrow afternoon :-)

I removed a few of the startup programs with Hijackthis. Below is the ESET log, it found some items. C:\Documents and Settings\USER\Local Settings\TempImages\AskInstallChecker-1.5.0.0.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Documents and Settings\USER\Local Settings\TempImages\askToolbarInstaller-1.9.1.0.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Documents and Settings\USER\Local Settings\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan C:\Documents and Settings\USER\My Documents\Downloads\FreeWAVToMP3ConverterSetup.exe multiple threats C:\TDSSKiller_Quarantine\05.10.2011_20.40.43\susp0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.CR trojan C:\TDSSKiller_Quarantine\13.10.2011_23.39.46\susp0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.CR trojan D:\Program Files\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application

Computer is a bit slow on the internet and in general but I think it was that way even before the rootkit was on it :-) Logs below: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.30.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 USER :: P4P800-SE [administrator] Protection: Enabled 4/30/2013 5:07:23 PM mbam-log-2013-04-30 (17-07-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 241132 Time elapsed: 10 minute(s), 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:19:00 PM, on 4/30/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Iomega\AutoDisk\ADUserMon.exe C:\Program Files\Iomega\DriveIcons\ImgIcon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\program files\real\realplayer\update\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\USER\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL O2 - BHO: - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzU5MDE1MjEzLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=67217e50267847d19092547b91d34f9b-06ce4fc639803a2e3563922518183d8e94088cb9 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221295268468 O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8123 bytes

CF log below. Upon running Combofix with the script, it again advised that Zeroaccess was on the machine and has corrupted the TCP/IP stack. It then again restarted the computer and gave a message of rootkit activity after the restart. Then proceeded with its scan (no restart after the scan). I'll be back online tomorrow afternoon. ComboFix 13-04-28.01 - USER 04/29/2013 23:54:17.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.496 [GMT -5:00] Running from: c:\documents and settings\USER\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 ))))))))))))))))))))))))))))))) . . 2013-04-30 03:48 . 2013-04-30 03:48 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-04-29 00:47 . 2013-03-02 02:06 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2013-04-29 00:45 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys 2013-04-29 00:45 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-04 19:50 . 2011-10-22 04:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-08 08:36 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32 . 2003-03-31 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50 . 2002-08-29 01:04 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06 . 2004-02-07 00:05 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25 . 2003-03-31 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec 2013-02-27 07:56 . 2004-06-22 21:08 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-12 00:32 . 2004-08-04 06:04 12928 ------w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2003-03-31 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2005-03-22 05:48 . 2005-03-22 05:46 877056 ----a-w- c:\program files\iview395.exe 2005-02-22 02:40 . 2005-02-22 01:28 7096170 ----a-w- c:\program files\WSFTP_ProT40_Install.exe 2005-02-17 23:13 . 2005-02-17 23:13 295120 ----a-w- c:\program files\NSSetup.exe 2004-11-04 01:17 . 2004-11-04 01:17 2636408 ----a-w- c:\program files\aawsepersonal.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ptipbmf"="ptipbmf.dll" [2003-06-20 118784] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528] "ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456] "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016] "SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-02-16 221184] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-02 296056] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzU5MDE1MjEzLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ∏=90&ver=2012.0.1831&mid=67217e50267847d19092547b91d34f9b-06ce4fc639803a2e3563922518183d8e94088cb9" [?] "Z1"="c:\documents and settings\USER\Desktop\mbar\mbar.exe" [2013-03-23 1398856] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^TrueAssistant.lnk] path=c:\documents and settings\USER\Start Menu\Programs\Startup\TrueAssistant.lnk backup=c:\windows\pss\TrueAssistant.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2008-11-07 20:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient] 2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2] 2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup] 2002-07-16 15:55 32768 ----a-w- c:\program files\Iomega\DriveIcons\deskup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1106098516\EE\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2002-09-23 14:50 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2004-02-13 10:41 155648 ----a-r- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor] 2003-08-18 12:12 98304 ----a-w- c:\program files\Visioneer OneTouch\OneTouchMon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2002-09-23 14:25 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic] 2004-04-05 21:33 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "_IOMEGA_ACTIVE_DISK_SERVICE_"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "sprtsvc_ddoctorv2"=2 (0x2) "MsMpSvc"=2 (0x2) "MDM"=2 (0x2) "ITMRTSVC"=2 (0x2) "iPod Service"=3 (0x3) "Iomega App Services"=2 (0x2) "gusvc"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "AOLService"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) "AntiSpywareService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Trainmaster\\TM4\\TM4.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1106098516\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\1106098516\\EE\\aolsoftware.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\symds.sys [1/1/2005 2:03 AM 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\symefa.sys [1/1/2005 2:03 AM 744568] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130412.001\BHDrvx86.sys [4/13/2013 12:09 AM 1000024] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\ironx86.sys [1/1/2005 2:03 AM 136312] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/27/2013 4:35 PM 418376] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/21/2011 11:27 PM 701512] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [1/1/2005 2:02 AM 130008] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/1/2005 2:01 AM 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130430.001\IDSXpx86.sys [4/29/2013 11:31 PM 373728] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/21/2011 11:27 PM 22856] R3 PIBus;PIBus Device;c:\windows\system32\drivers\PIBus.sys [7/27/2004 12:22 PM 43004] R3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\PIKbd.sys [7/27/2004 12:22 PM 3878] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/2/2011 4:56 PM 23456] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/29/2013 10:48 PM 35144] S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [10/3/2011 1:45 AM 10112] S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [7/23/2004 6:03 PM 176256] S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408] . Contents of the 'Scheduled Tasks' folder . 2011-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . 2013-04-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1641216279-2740818761-1370937033-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14] . 2011-12-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1641216279-2740818761-1370937033-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14] . 2013-04-29 c:\windows\Tasks\ReclaimerUpdateFiles_USER.job - c:\documents and settings\USER\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-27 21:52] . 2013-04-29 c:\windows\Tasks\ReclaimerUpdateXML_USER.job - c:\documents and settings\USER\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-27 21:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mWindow Title = Windows Internet Explorer provided by Comcast uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab . - - - - ORPHANS REMOVED - - - - . SafeBoot-85673453.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-30 00:18 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2] "ImagePath"="\"\"" . Completion time: 2013-04-30 00:24:25 ComboFix-quarantined-files.txt 2013-04-30 05:24 ComboFix2.txt 2013-04-29 22:54 . Pre-Run: 7,348,576,256 bytes free Post-Run: 7,373,238,272 bytes free . - - End Of File - - 319F1BED994D43A7A92CCE4C41ED7A35

MBAR: Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.04.29.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 USER :: P4P800-SE [administrator] 4/29/2013 11:19:27 PM mbar-log-2013-04-29 (23-19-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27896 Time elapsed: 30 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.800000 GHz Memory total: 1073197056, free: 451878912 ------------ Kernel report ------------ 04/29/2013 22:48:03 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll 04947186.sys ACPI.sys \WINDOWS\System32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\System32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys \WINDOWS\System32\DRIVERS\SCSIPORT.SYS disk.sys \WINDOWS\System32\DRIVERS\CLASSPNP.SYS fltmgr.sys SYMDS.SYS sr.sys SYMEFA.SYS KSecDD.sys WudfPf.sys Ntfs.sys NDIS.sys Mup.sys agp440.sys iomdisk.sys \SystemRoot\System32\DRIVERS\intelppm.sys \SystemRoot\System32\DRIVERS\nv4_mini.sys \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\usbuhci.sys \SystemRoot\System32\DRIVERS\USBPORT.SYS \SystemRoot\System32\DRIVERS\usbehci.sys \SystemRoot\System32\DRIVERS\Intels51.sys \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\system32\DRIVERS\Rtnicxp.sys \SystemRoot\System32\DRIVERS\fdc.sys \SystemRoot\System32\DRIVERS\serial.sys \SystemRoot\System32\DRIVERS\serenum.sys \SystemRoot\System32\DRIVERS\parport.sys \SystemRoot\System32\DRIVERS\imapi.sys \SystemRoot\System32\DRIVERS\cdrom.sys \SystemRoot\System32\DRIVERS\redbook.sys \SystemRoot\System32\DRIVERS\ks.sys \SystemRoot\System32\Drivers\GEARAspiWDM.sys \SystemRoot\system32\drivers\ALCXWDM.SYS \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\System32\DRIVERS\audstub.sys \SystemRoot\System32\DRIVERS\rasl2tp.sys \SystemRoot\System32\DRIVERS\ndistapi.sys \SystemRoot\System32\DRIVERS\ndiswan.sys \SystemRoot\System32\DRIVERS\raspppoe.sys \SystemRoot\System32\DRIVERS\raspptp.sys \SystemRoot\System32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\ptilink.sys \SystemRoot\System32\DRIVERS\raspti.sys \SystemRoot\System32\DRIVERS\PIBus.sys \SystemRoot\System32\DRIVERS\rdpdr.sys \SystemRoot\System32\DRIVERS\termdd.sys \SystemRoot\System32\DRIVERS\kbdclass.sys \SystemRoot\System32\DRIVERS\mouclass.sys \SystemRoot\System32\DRIVERS\swenum.sys \SystemRoot\System32\DRIVERS\update.sys \SystemRoot\System32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\DRIVERS\PIKbd.sys \SystemRoot\System32\DRIVERS\HIDCLASS.SYS \SystemRoot\System32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\DRIVERS\kbdhid.sys \SystemRoot\System32\DRIVERS\usbhub.sys \SystemRoot\System32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\MODEMCSA.sys \SystemRoot\System32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\System32\DRIVERS\msgpc.sys \SystemRoot\System32\DRIVERS\tcpip.sys \SystemRoot\System32\DRIVERS\ipnat.sys \SystemRoot\System32\Drivers\N360\0502020.003\SYMTDI.SYS \SystemRoot\System32\DRIVERS\wanarp.sys \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130426.001\IDSxpx86.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\ws2ifsl.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbios.sys \SystemRoot\system32\drivers\N360\0502020.003\Ironx86.SYS \SystemRoot\system32\drivers\N360\0502020.003\SRTSPX.SYS \SystemRoot\System32\DRIVERS\rdbss.sys \SystemRoot\System32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130412.001\BHDrvx86.sys \SystemRoot\System32\DRIVERS\hidusb.sys \SystemRoot\System32\DRIVERS\mouhid.sys \SystemRoot\System32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\nv4_disp.dll \SystemRoot\System32\ATMFD.DLL \??\C:\WINDOWS\system32\drivers\mbam.sys \SystemRoot\System32\DRIVERS\ndisuio.sys \SystemRoot\System32\DRIVERS\mrxdav.sys \SystemRoot\System32\Drivers\ParVdm.SYS \SystemRoot\System32\Drivers\TBPanel.SYS \SystemRoot\System32\DRIVERS\HSF_FALL.sys \SystemRoot\System32\DRIVERS\HSF_FSKS.sys \SystemRoot\System32\DRIVERS\HSF_K56K.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\System32\DRIVERS\HSF_FAXX.sys \SystemRoot\System32\DRIVERS\HSF_TONE.sys \SystemRoot\System32\DRIVERS\HSF_V124.sys \SystemRoot\System32\Drivers\Fastfat.SYS \SystemRoot\System32\Drivers\N360\0502020.003\SRTSP.SYS \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130429.017\NAVEX15.SYS \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130429.017\NAVENG.SYS \SystemRoot\System32\DRIVERS\ipfltdrv.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk5\DR8 Upper Device Object: 0xffffffff85e7f248 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xffffffff85dcc030 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk4\DR7 Upper Device Object: 0xffffffff85e72ab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000086\ Lower Device Object: 0xffffffff85e1e030 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR6 Upper Device Object: 0xffffffff85da3250 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000085\ Lower Device Object: 0xffffffff86083ea0 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR5 Upper Device Object: 0xffffffff85d6e250 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000084\ Lower Device Object: 0xffffffff85e59ea0 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff8736bab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\ Lower Device Object: 0xffffffff87316d98 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8736dab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\ Lower Device Object: 0xffffffff87365d98 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2013.04.29.09 Downloaded database version: v2013.04.25.01 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8736dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8734fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8736dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8736eae0, DeviceName: Unknown, DriverName: \Driver\iomdisk\ DevicePointer: 0xffffffff87389510, DeviceName: \Device\00000072\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff87365d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xffffffffe1dfc318, 0xffffffff8736dab8, 0xffffffff84d43670 Lower DeviceData: 0xffffffffe1e445b0, 0xffffffff87365d98, 0xffffffff84d93cb0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\WINDOWS\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\alcxinit.dat" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\HSF_AMOS.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\HSF_BSC2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mouhid.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smsens.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\HSF_SAMP.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\HSF_SOAR.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\HSF_SPKP.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\IomDisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 75257525 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 73738287 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 73738350 Numsec = 82558035 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 80026361856 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)... Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff8736bab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8736cb60, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8736bab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8736cd78, DeviceName: Unknown, DriverName: \Driver\iomdisk\ DevicePointer: 0xffffffff87366f18, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff87316d98, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff85d6e250, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff86090b80, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff85d6e250, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85e5e6e0, DeviceName: Unknown, DriverName: \Driver\iomdisk\ DevicePointer: 0xffffffff85e59ea0, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffffff85da3250, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85ddc4a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff85da3250, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85dd4310, DeviceName: Unknown, DriverName: \Driver\iomdisk\ DevicePointer: 0xffffffff86083ea0, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xffffffff85e72ab8, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff86085db8, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff85e72ab8, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85fa5718, DeviceName: Unknown, DriverName: \Driver\iomdisk\ DevicePointer: 0xffffffff85e1e030, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xffffffff85e7f248, DeviceName: \Device\Harddisk5\DR8\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff85e399b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff85e7f248, DeviceName: \Device\Harddisk5\DR8\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff85dc08c0, DeviceName: Unknown, DriverName: \Driver\iomdisk\ DevicePointer: 0xffffffff85dcc030, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Read File: File "c:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\appdata.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\gotoko.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040902-0045.log" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.Dexplore.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.VSCC.2003_1033_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.MSDNQTR.2003FEB.1033_1033_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.Dexplore_1033_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\Documents and Settings\USER\Application Data\Help\editingtools.ANN" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\$ncsp$.inf" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1) Read File: File "c:\WINDOWS\system.new" is compressed (flags = 1) Read File: File "c:\WINDOWS\nsreg.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\smscfg.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\RtlRack.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\CS_setup.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\EReg077.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\ahd4.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\Q321064.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\TSDataEx.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\logfile.txt" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\EnvDTE\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\msddslmp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\msddsp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Office\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\SoapSudsCode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\TlbExpCode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\TlbImpCode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Compatibility\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Compatibility.Data\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\accessib.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Help\wmerr.htm" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\al.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1) Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1) Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\USER\Local Settings\Application Data\MigWiz\locale.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\USER\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\USER\Local Settings\Application Data\MigWiz\locale.dat" is compressed (flags = 1) Done! Scan finished =======================================